As banks improve their ability to defend against cyber attacks, criminals are increasingly turning their attention to the insurance sector. Executive SummaryAs cyber crimes against insurers escalate and expose carriers to the loss of business-critical premium and loss data and analytics, insurance company boards must take the lead in gauging cyber readiness. Consultants leading three KPMG practices involved with insurance and information security provide a list of questions boards must ask to assess and bolster their company’s cyber security capabilities.
In addition to seeking customers’ personal and financial data, which has value at the lowest strata of the black market, cyber thieves are also aiming higher, looking for business-critical information that is valuable to organized crime, rogue nation states and other sophisticated criminal networks. The loss and exposure of business-critical data—including premium and rating tables, claims, accident and loss information, risk models, analytics, and statistical models—represents the potential for enormous commercial and reputational damage, as well as the possibility of fines for inadequate systems and controls and increased regulatory scrutiny.