Many people believe the insurance industry is stagnant. However, in reality, insurance is constantly evolving.
As the world changes, insurance companies must provide new offerings to keep up. For example, insurance for driverless cars or rideshare services wasn't on the radar of most insurance companies until only a few decades ago. And, new technologies — such as drones and IoT — also challenge insurance companies to keep pace.
However, despite these frequent shifts, too many insurance companies are resistant to digital transformation, and that resistance means they risk falling behind — or worse.
What Exactly is Digital Transformation?
Digital transformation is more than just an oft-repeated buzzword. Put simply, digital transformation means leveraging technology. Digital transformation refines or even automates existing business processes to ultimately improve the operation of your business and the experience of your customers.
“Insurers that digitize the enterprise in this way can automate slow, error-prone and expensive processes for increased speed, accuracy and cost efficiency,” explains a whitepaper for EY.
When executed correctly, digital transformation will streamline and simplify company operations for both short-term and long-term gains.
The Risks of Outdated Infrastructure in Insurance
Despite the numerous benefits of digital transformation, many people still bristle at the idea. Change is difficult, and in an industry like insurance — where established firms have succeeded with business-as-usual for decades — introducing new technologies can ruffle some feathers.
However, failing to keep up comes with numerous risks and consequences.
Of course, cybersecurity is top of mind for many companies. But, it’s become a major priority in the insurance industry.
Hackers are increasingly targeting insurance companies because they deal with sensitive customer information for the claims and underwriting processes — such as healthcare and financial data — yet are notoriously slow to implement measures to protect themselves and their customers.
International business auditing firm KPMG surveyed more than 100 insurance CEOs. Less than one in five of them believed that their company was adequately prepared for a cybersecurity threat.
Any sort of cyber event or data breach is undeniably bad for business. First, there’s the financial fallout. Liberty Mutual’s shares dipped by 4% in June of 2018 after the company disclosed a recent data breach.
In the well-known breach of the information of approximately 78 million policyholders at Anthem, the company agreed to pay $115 million to settle lawsuits resulting from the breach. The total amount that event cost them is more than triple that, once you include costs associated with incident response and resulting security enhancements.
Finances aside, a disregard for changing technologies and increased security threats can have dire effects on a business’ relationship with customers as well.
When customers feel that their private information isn’t treated with the care and consideration it deserves — such as in the case of a State Farm customer who discovered a breach within the company’s app when she was able to access other policyholders’ information — all trust is lost.
"How can I not worry?” the customer said in an interview with ABC7 News. “Who has my information if I have their information?"
What Insurance Companies Can Do to Step Into the Digital Age
Digital transformation is a must for insurance companies; however, the risks of botching an update that compromises vast sensitive data are real. How can insurers move forward without fear?
Here are three strategies insurance companies should use to protect themselves and their customers and improve their businesses in the process.
1. Implement Better Customer Identity Management Measures
Nearly all insurance companies provide a portal for customers to log in and access their profiles, personal information, claim statuses, and more. But legacy systems for user registration and authentication are a barrier they need to move past.
Insurers need to establish better customer identity management to make it easy for customers to access their accounts— while making it simultaneously difficult for hackers.
2. Invest in advanced features like Anomaly Detection to Better Identify System-Wide Threats
Unfortunately, it’s far too easy for breaches and other malicious events to go undetected for a surprisingly long time.
As just one example, an investigation into the well-known breach at Anthem revealed that it all started with a lone phishing email that was opened by an employee in February 2014.
However, Anthem wasn’t able to disclose the attack and notify customers until February 4, 2015 — a year after it all began. By that point, the hacker had compromised at least 90 systems within the Anthem enterprise environment.
This speaks to the importance of having anomaly detection in place that can alert you and your users of suspicious activity the moment it happens. Auth0 not only makes you aware of the attempts to access your application, but also blocks future login attempts—so you can catch the problem before it becomes even bigger.
3. Ensure You’re Up to Date With Changing Security Regulations
The increasing threats in the insurance industry haven’t gone unnoticed. That’s exactly why security regulations and requirements continue to be introduced to mitigate the potential of malicious activity.
GDPR, which went into effect in May 2018, requires that organizations using data of EU citizens abide by a set of strict standards when collecting, processing, storing, and sharing personal information. Teams that fail to comply could be fined €20 Million or up to 4% of annual revenue. The regulation has had a ripple effect across the world, with states like California following suit.
And, the insurance industry itself has taken steps toward stricter regulations and protective measures. The National Association of Insurance Commissioners formed the Cybersecurity (EX) Working Group in response to the increasing demands on insurance companies. (These charges now fall under the Innovation and Technology (EX) Task Force.)
Before disbanding, this group completed numerous cybersecurity activities. Most notably among these was the adoption of the new Insurance Data Security Model Law (#668), which requires insurers and other entities licensed by state insurance departments to develop, implement, and maintain an information security program, investigate any cybersecurity events, and notify the state insurance commissioner of such events.
Keeping up with these sorts of regulations can be challenging, but Auth0 makes it painless. The platform supports industry-wide authentication standards and ensures compliance with the growing requirements of numerous leading organizations. Plus, Auth0’s extensibility features ensure that your identity platform can grow and evolve along with your business and industry.
Updating Legacy Systems: Insurers Need to Keep Up
The above steps will help insurance companies protect their information as well as the information of their customers. However, there’s also no neglecting the importance of employee education and awareness.
The better trained and informed insurance teams are about suspicious activity, the less likely they are to fall for various phishing scams and attacks.
Combine thorough employee training with the above tips, and insurers will step into the digital age — while also improving their businesses and customer relationships.