Filter by Category

Who Insures the Insurer?

Do insurance companies maintain Data Security Breach Insurance?

On June 23, 2010 more than 200,000 Anthem Blue Cross customers received letters informing them that their personal information might have been accessed during a security breach of the company's website. Customers who had pending insurance applications in the system are currently being contacted because information was viewed through an on-line tool that allows users to track the status of their application. Social Security and credit card numbers were potentially viewed. It's one more tumble in a cascade of security breaches that can have terrible consequences for the customers and clients of such a large insurance company.

And of course, this raises an ironic question: Do insurance companies maintain their own liability insurance in the event that their information systems are compromised? As absurd as it may seem at first glance, it's really not a laughing matter. According to the Ponemon Institute, the average cost of a security breach is now exceeding $200 per client record. This would mean that Anthem Blue Cross's breach last month created a liability as great as $40M.

Moreover, there's a ripple effect to organizations that do business with insurance companies that suffer such an information security breach. Each Personnel Department that delivers private employee information to an outside service supplier has an inherent responsibility and liability to its employees.

We all know that the privacy information transferred between companies should use a secure and confidential method of transmission. Yet too many small and medium-sized companies are still using simple FTP (File Transfer Protocol) software that has been proven to be susceptible to the threats of network hackers. And by the time these organizations realize their vulnerability, it's often too late These companies are often performing these FTP transfers below the radar of their IT departments. How does it happen?

Often personnel data is off-loaded to PCs from the main information systems where it is left "in the open" on the hard drives of desktops or laptops. After the data is transferred this residual data is often unprotected, where it's subject to theft or secondary security flaws. Insurance agents - whose jobs are to facilitate the processing of the data with their insurance providers - can also suffer from such breaches. The loss of an agent's laptop - through theft, accident, or routine use of USB thumb-drives - poses additional liability.

There are two readily available strategies to help prevent these kinds of security abuses. The first strategy is to use data encryption technologies that not only encrypt the data, but also record into a secure log detailing when, where, and by whom the sensitive data has moved from the main information database. Crypto Complete offers precisely this kind of encryption capability, and it should be examined by IT professionals as a viable, highly configurable resource for the protection of the company's information assets.

The second strategy is to use a secure method of transfer for the data itself, ensuring that the information is never left in a vulnerable state on an individual's personal computer. By removing FTP access to the data by any employee's PC and channeling the transfer through the secure corporate server, IT can prevent the problem of network hacking from occurring. GoAnywhere MFT is precisely the means of achieving the goal of a secure FTP transfer between companies.

The tragedy of the Anthem Blue Cross breach was the result of a faulty security scheme in the design of its customer service solution. But it is not the only potential failure of data security that can impact its customers and business partners. And, unfortunately, this information security breach is just one of the 356 million reported breaches that have occurred in the US over the last five years.

So who insures the insurer when a data security breach occurs? The real answer is IT itself. And helping IT achieve a better result will be the subject of this blog over the next few months.

Latest Posts


19 Ways to Transfer Big Files

October 20, 2020

You have choices when it comes to sending large files. You can choose to take your chances with free file transfer solutions, but they can be risky. Using a managed file transfer (MFT) solution is a…


IT Professionals Share Why They Need an MFT Solution

October 13, 2020

Take it from Them As a company that takes immense pride in customer satisfaction, GoAnywhere Managed File Transfer (MFT) always enjoys hearing how and why our real-life customers are using our…


9 Mistakes You Might Make When Sending Big Files

October 8, 2020

Sending that small file, or even a few small files, is a no-brainer at most organizations. But what about those massive, unwieldly and oh-so-sensitive files that inevitably get “stuck” or noted…


What is File Encryption Software?

October 6, 2020

File encryption software is a tool – either free or paid – that encodes your information so that it remains secure in motion, at rest, or both. Securing sensitive data is essential for any…