Documentation and communication: 3 big cybersecurity trends insurers need to know about

07 March 2019 Mia Papanicolaou, COO, Striata
Mia Papanicolaou, COO, Striata

Mia Papanicolaou, COO, Striata

When it comes to cybersecurity threats, the insurance industry is at greater risk than most. According to the 19th EY Global Information Security Survey by Ernst & Young, nearly half of the insurers surveyed had faced some form of cyber attack in the preceding 12 months.

That insurers represent such a lucrative target to cybercriminals is hardly surprising. These companies have vast amounts of data that is incredibly valuable to cybercriminals. So lucrative is the data held by insurers that one attack even targeted people who weren’t customers but had simply requested a quote from the insurer.

Preventing cyber criminals from getting hold of this data is an ongoing battle and one which requires constant vigilance on the part of the insurers’ security teams.

Two of the most important fronts in this battle are documentation and communication. After all, so much of the information that insurers have on their customers resides in personal, confidential documents, such as bills, policies and claim forms that they send out. And documents can reside in multiple places, both within the organization and on customer devices.

At the recent InsureTech conference in Las Vegas, insurers were asked what their biggest challenge or concern is and it’s no surprise that data, cyber and trust were in the top concerns. Here are some of the latest cybersecurity trends insurers should be thinking about when it comes to their document and communication strategies.

Security by design

For a long time, organizations of all kinds (including insurers), would adopt technological solutions and then figure out ways to make them secure afterwards. Digital documentation was no exception, with many putting accessibility to those documents ahead of security.

Later on, organizations moved to involving security at various points in the development of their digital document and communication solutions. Ultimately though, it was still an afterthought in comparison to all the other features.

Increasingly, however, organizations have realized that security needs to be built into these systems from the ground up.

While users must shoulder some responsibility for document security, organizations must, at the very least, take steps to encrypt and protect the sensitive documents they make available on the web or by email.

Adopting security by design doesn’t have to be overly complex either. Organizations can, for example, enable the viewing of a document (such as a policy or bill) as either an interactive Web or PDF experience, allowing a user to securely view the contents, while the information remains secure should the document be part a breach.

Phishing gets personal

Over the years, cybercriminals have become increasingly sophisticated. The generic phishing emails of the past have become largely redundant, replaced by convincing spoofs that would fool even the most careful email users.

The next phase of this evolution will see cybercriminals making their phishing efforts personalized, tailoring their attacks to each individual target.

It’s therefore critical that organizations continue to invest heavily in educating consumers on the the latest phishing methods and how to avoid them, as well as ensuring that any digital customer documents are secure and these customers understand the importance of this security measure

Every customer should understand what an organization will ask them to do, especially when it comes to accessing documentation.

Regulation and compliance

The past couple of years have seen an increased regulatory focus on data protection, especially in the document and communication space. The European Union’s General Data Protection Regulation (GDPR) has drawn the most headlines and is generally understood to be the gold-standard when it comes to consumer data protection.

Properly enforced, these regulations will go a long way to ensuring that organizations do everything in their power to look after their customer data.

If nothing else, an increased number of organizations looking to be compliant with consumer data regulations will result in them to taking greater care when it comes to their cybersecurity postures.

It’s been well established that communication falls within these regulations, however, it’s often forgotten that digital documents also need to comply with privacy rules around data protection. They have historically been particularly vulnerable points when it comes to cyber attacks. Anything that makes them safer should, therefore, be welcomed.

Quick Polls


84% of respondents to a recent industry survey agree that there will be a shift from product-focused innovation to business model innovation in insurance within the next five years. Is this a realistic time frame?


Yes, there needs to be a quick turnaround time when it comes to this.
No, more time is needed.
A E fanews magazine
FAnews April 2019 Get the latest issue of FAnews

This month's headlines

Differences aside… in the name of fairness
Advice… now more important than ever
COFI… is this a reason to be positive?
Cyber cover: One size does not fit all
The need for member education
Subscribe now