Since our last cyber resilience survey in 2018, cyberattacks on insurers have more than doubled (from 240 to 519 attacks, on average), illustrating the current cyber climate for insurers: It’s volatile.
Accenture’s State of Cyber Resilience for Insurance report presents both good and bad news amid the volatility, and reinforces our concern that, in 2018, insurers’ cybersecurity efforts were often “buying time” against threats that now are rising.
The good news? Breaches against insurers are down 42 percent since our last survey. Our survey finds some of the “nuisance” attacks—those resulting when cyber attackers commoditize their attack toolsets—are less effective as insurers have learned to fend these off via increasing password complexity requirements and two-factor authentication strategies.
Insurers have had some successes in strengthening their cyber resilience.
The less-rosy picture
With attacks on the rise and coming from new directions, insurers face a handful of challenges that stretch their ability to respond:
- Indirect attacks are increasing. Insurers should extend security measures beyond their four walls, as our survey finds 40 percent of attacks coming indirectly, from a third party connected to the business’s network. This challenge is made even more complex when companies rely on a remote workforce.
- Recovery time is lengthening. While insurance providers may have improved their ability to fend off breaches, they are detecting them at rates lower (56 percent) than cross-industry cyber resilience leaders (83 percent). Insurance companies lag cross-industry leaders in resolving breaches quickly and are exposing more of their customers—our report found 44 percent of insurers had exposed more than 500,000 customer records last year, compared to only 15 percent for cross-industry leaders.
- Insurers are investing but fear they can’t maintain the pace. Our survey finds firms increasing their cybersecurity investment. More insurers are investing at least a fifth of their cybersecurity budget on advanced technologies (89 percent, compared to 68 percent from our previous study). But they worry the cost is high and rising. Among those surveyed, 72 percent say staying ahead of attackers is a constant battle, one with an ultimately unsustainable cost.
Standouts achieve more
These challenges may seem daunting. But our Cyber Resilience Survey identified a group of elite, best-in-class insurance leaders who are demonstrating significantly greater effectiveness at cybersecurity and cyber resilience than their peers. Emulating these leaders can help insurers improve their overall effectiveness.
Best-in-class insurers identified by our survey can:
- Stop more attacks
- Find breaches faster
- Fix breaches faster
- Reduce breach impact
Elite cyber resilience insurers perform better.
Follow the leader
Would it cost even more—in terms of time, money, resources—for insurers to match the performance of “best-in-class” leaders? It might be better to view these top-notch providers as “leading the way.” They offer a path forward that may not be the costliest or most complicated. The key to their cyber resilience success is in investing wisely and efficiently in their cybersecurity efforts.
Elite cyber resilient insurance firms suggest adhering to these guidelines:
Ready to begin?
Following the trail blazed by insurance leaders can help all firms improve their cybersecurity game.
Insurers also can pursue immediate steps toward improvement. For example, they can shore up defenses against indirect attacks. The solution sounds simple enough: It’s about establishing policies, governance and enforcement such that third parties connected to your network follow the same high security standards you do. Pulling this off—and maintaining it over the long haul—would take some effort.
Fortunately, help is available. We can work with you, wherever you are in your cybersecurity journey. Read our report to see how Accenture can help your insurance firm become a cybersecurity leader.