Cyber resilience: Can insurers outpace risk?
July 10, 2020
July 10, 2020
Since our last cyber resilience survey in 2018, cyberattacks on insurers have more than doubled (from 240 to 519 attacks, on average), illustrating the current cyber climate for insurers: It’s volatile.
Accenture’s State of Cyber Resilience for Insurance report presents both good and bad news amid the volatility, and reinforces our concern that, in 2018, insurers’ cybersecurity efforts were often “buying time” against threats that now are rising.
The good news? Breaches against insurers are down 42 percent since our last survey. Our survey finds some of the “nuisance” attacks—those resulting when cyber attackers commoditize their attack toolsets—are less effective as insurers have learned to fend these off via increasing password complexity requirements and two-factor authentication strategies.
Insurers have had some successes in strengthening their cyber resilience.
42%
Successful breaches dropped by 42 percent, from 52 breaches on average in 2018 to 30 breaches now.
32%
Previously, only 9 percent of insurers could detect a security breach within 24 hours. That number now is 32 percent.
72%
Our 2018 study found only 33 percent of insurers could remediate a breach in 30 days or less. Today that number is 72 percent.
With attacks on the rise and coming from new directions, insurers face a handful of challenges that stretch their ability to respond:
These challenges may seem daunting. But our Cyber Resilience Survey identified a group of elite, best-in-class insurance leaders who are demonstrating significantly greater effectiveness at cybersecurity and cyber resilience than their peers. Emulating these leaders can help insurers improve their overall effectiveness. Best-in-class insurers identified by our survey can:
Elite cyber resilience insurers perform better.
8%
Among insurers surveyed, 8 percent fit the “elite” category, while 83 percent fell into the non-leader or average performer category.
3%
For elite insurers, only 3 percent of breaches are successful. That number rises to 14 percent for non-leading insurers.
88%
Eighty-eight percent of elite insurers detect breaches in less than a day, versus only 26 percent for non-leaders.
97%
An overwhelming 97 percent of elite insurers fix breaches in 15 or fewer days. Only 37 percent of non-leaders can say the same.
53%
Elite insurers report 53 percent of breaches have no impact on their organization. That number dips to 37 percent for non-leading insurers.
Would it cost even more—in terms of time, money, resources—for insurers to match the performance of “best-in-class” leaders? It might be better to view these top-notch providers as “leading the way.” They offer a path forward that may not be the costliest or most complicated. The key to their cyber resilience success is in investing wisely and efficiently in their cybersecurity efforts.
Elite cyber resilient insurance firms suggest adhering to these guidelines:
Speed, measured by how quickly they can detect, respond and return to normal after a breach, is a priority for leading insurers.
Leaders seek to scale investments, moving tools from pilot to full deployment. Those who succeed perform four times better than average.
Training underpins speed. A majority (59 percent) of top performing insurers offer training about security tools to more than half of users.
Organizations that collaborate within and outside their walls have a breach ratio of 6 percent versus an average of 13 percent for the rest.
Following the trail blazed by insurance leaders can help all firms improve their cybersecurity game.
Insurers also can pursue immediate steps toward improvement. For example, they can shore up defenses against indirect attacks. The solution sounds simple enough: It’s about establishing policies, governance and enforcement such that third parties connected to your network follow the same high security standards you do. Pulling this off—and maintaining it over the long haul—would take some effort.
Fortunately, help is available. We can work with you, wherever you are in your cybersecurity journey. Read our report to see how Accenture can help your insurance firm become a cybersecurity leader.