Out of the Breach: Protecting Your Policyholders (and Your Business) from Data Breaches
Did you know that every successful data breach costs an average of $3.9 million? Find out how you can fight back—with three practical tips for preventing data breaches, lowering your risk profile, and keeping your policyholders’ information safe.
Everyone knows that data breaches are dangerous, expensive, and increasingly common. They are also notoriously difficult to detect—and even more difficult to recover from. According to IBM’s 2019 Cost of a Data Breach report, it takes an average of 206 days to identify a data breach after it has occurred—and then an additional 279 days to contain the breach. A single breach costs companies an average of $3.9 million, and those costs are typically spread out over a three-year span.
Of course, these eye-opening direct costs are just the beginning. Successful data breaches also lead directly to customer turnover, damaged reputations, and a loss of customer confidence that can have an even bigger, longer-term impact.
Businesses understand these risks. Collectively, the insurance industry already invests billions to protect sensitive information. Yet serious breaches continue to grow in both size and frequency, and they continue to impact some of the largest, most successful companies in the world. There are obviously no simple answers. But here are three smart, practical steps you can take to minimize the risks, costs, and impacts of data breaches:
- Start Close to Home
82% of insurance companies claim that their own employees are the most common cause of data breaches. This includes people who respond to phishing emails, leave unlocked computers unattended, take sensitive files home on thumb drives, or “hide” a password list under their keyboard.
Technology and good IT practices can help with some of these issues, but the ultimate solution comes down to individual behavior and education. Make sure you have a formal plan in place to regularly assess every employee’s cybersecurity knowledge, identify gaps and weaknesses, and then actively train employees to identify and respond correctly to suspicious emails, properly handle sensitive information, and keep their devices safe. It’s an ongoing process, but well-trained employees who are aware of the dangers can have a major positive impact on your risk profile.
- Know Where You Stand
Every organization has security vulnerabilities and weaknesses, and the best way to understand and address them is through thorough, unbiased cybersecurity vulnerability assessments—preferably performed by a trusted, capable outside cybersecurity firm. These assessments should evaluate everything, including physical security controls, perimeter security, encryption technology, network and endpoint security, disaster recovery capabilities, and more.
You should also carefully evaluate how quickly you can detect breaches when they occur. It takes the average company 206 days to identify a breach, which is obviously unacceptable and a recipe for disaster. But with the right approach, assessment strategy, and cyber technology, you should be able to reliably spot and contain potential data breaches in nearly real-time.
- Choose the Right Partners
For example, many insurers work with vendors to process claim payments, which obviously requires direct access to sensitive data. To keep your policyholders and service providers safe, make sure your claim payment partner:
- Meets all of the relevant security standards and certifications, including PCI-DSS, SOC 1 and 2, HIPAA, and Nacha.
- Provides a secure single system of record for all your financial, claim, and payment delivery data
- Offers secure payment preferencing and electronic payment options
- Delivers secure, real-time access to payment data
Vendors that offer these kinds of capabilities can actually strengthen your security posture—and provide you with cyber capabilities you wouldn’t otherwise have access to.
Find out how VPay can help with your efforts to lower the risk of data breaches—with a complete, compliant claim payment solution that keeps sensitive policyholder and service provider data safe through every step of the payment process.