Filter by Category

Who Insures the Insurer?

Do insurance companies maintain Data Security Breach Insurance?

On June 23, 2010 more than 200,000 Anthem Blue Cross customers received letters informing them that their personal information might have been accessed during a security breach of the company's website. Customers who had pending insurance applications in the system are currently being contacted because information was viewed through an on-line tool that allows users to track the status of their application. Social Security and credit card numbers were potentially viewed. It's one more tumble in a cascade of security breaches that can have terrible consequences for the customers and clients of such a large insurance company.

And of course, this raises an ironic question: Do insurance companies maintain their own liability insurance in the event that their information systems are compromised? As absurd as it may seem at first glance, it's really not a laughing matter. According to the Ponemon Institute, the average cost of a security breach is now exceeding $200 per client record. This would mean that Anthem Blue Cross's breach last month created a liability as great as $40M.

Moreover, there's a ripple effect to organizations that do business with insurance companies that suffer such an information security breach. Each Personnel Department that delivers private employee information to an outside service supplier has an inherent responsibility and liability to its employees.

We all know that the privacy information transferred between companies should use a secure and confidential method of transmission. Yet too many small and medium-sized companies are still using simple FTP (File Transfer Protocol) software that has been proven to be susceptible to the threats of network hackers. And by the time these organizations realize their vulnerability, it's often too late These companies are often performing these FTP transfers below the radar of their IT departments. How does it happen?

Often personnel data is off-loaded to PCs from the main information systems where it is left "in the open" on the hard drives of desktops or laptops. After the data is transferred this residual data is often unprotected, where it's subject to theft or secondary security flaws. Insurance agents - whose jobs are to facilitate the processing of the data with their insurance providers - can also suffer from such breaches. The loss of an agent's laptop - through theft, accident, or routine use of USB thumb-drives - poses additional liability.

There are two readily available strategies to help prevent these kinds of security abuses. The first strategy is to use data encryption technologies that not only encrypt the data, but also record into a secure log detailing when, where, and by whom the sensitive data has moved from the main information database. Crypto Complete offers precisely this kind of encryption capability, and it should be examined by IT professionals as a viable, highly configurable resource for the protection of the company's information assets.

The second strategy is to use a secure method of transfer for the data itself, ensuring that the information is never left in a vulnerable state on an individual's personal computer. By removing FTP access to the data by any employee's PC and channeling the transfer through the secure corporate server, IT can prevent the problem of network hacking from occurring. GoAnywhere MFT is precisely the means of achieving the goal of a secure FTP transfer between companies.

The tragedy of the Anthem Blue Cross breach was the result of a faulty security scheme in the design of its customer service solution. But it is not the only potential failure of data security that can impact its customers and business partners. And, unfortunately, this information security breach is just one of the 356 million reported breaches that have occurred in the US over the last five years.

So who insures the insurer when a data security breach occurs? The real answer is IT itself. And helping IT achieve a better result will be the subject of this blog over the next few months.

Latest Posts


What are Data Silos?

March 26, 2020


Top 3 IT Strategies for Optimizing Productivity

March 24, 2020

Little fires everywhere – not just a best-selling novel and new streaming show starring Reese Witherspoon: it’s what most respondents said was the biggest impediment to productivity in their…


How the Coronavirus is Impacting Your Data Security

March 23, 2020

It’s Not Just Your Health at Risk As the coronavirus (COVID-19) continues to generate headlines around the world, it’s not just your health at risk – your private data is at risk too. In more…


Is Your File Transfer Solution Meeting Business Requirements?

March 17, 2020

Free is tempting. Understood. But free can also be a landmine when it comes to your business requirements. If your business needs include maintaining a level of security surrounding file transfers…


Take Your Data Security One Step Further with MFT

March 13, 2020

One Step at a Time Finding the right managed file transfer (MFT) solution for your business can be a lengthy, one step at a time process. The StepsMaking the decision to implement MFT in your…