Insurers are doing a better job protecting themselves from cyber attacks even as attempted breaches have nearly doubled, a new Accenture study has found.
The percentage of successful global insurance security breaches dipped from 30 percent of all attacks last year to 22 percent this year, Accenture said in its report, the “2018 State of Cyber Resilience for Financial Services.” Those results happened even as insurers handled 240 attacks so far in 2018 versus 113 in 2017, according to the study.
Overall for financial services, about 81 percent of breach attempts were stopped in 2017 compared to 66 percent the year before, according to the study.
Accenture argues in its study that cybersecurity for insurers is particularly important because they must protect their own transactional and customer data as well as offer policies to protect customers’ digital assets.
Chris Thompson, Accenture Security’s global security and resilience lead for financial services, said that financial services firms are reaching “a level of mastery” in terms of response readiness and cyber resilience but that they have to continue adapting quickly to keep up with the issue.
“As business technology evolves, so too must cybersecurity,” Thompson said in prepared remarks. “The new technologies that banks and insurers are embracing — including cloud, microservices, application programming interfaces, edge computing and blockchain —will create new security risks, especially as cyber attacks evolve in sophistication.”
There is also room for improvement, according to the survey.
Accenture said that 37 percent of executives surveyed said they hold their partners to lower cybersecurity standards than their own business, even as banks and insurers increasingly rely on alliance and business partnerships for new growth and both parties use open application programming interfaces. As a result, firms are vulnerable to outside security risks.
As well, financial services firms’ use of connected devices such as Internet-connected cameras, sensors and smart watches leave them vulnerable to risk. All of the devices leave security professionals having to safeguard more devices, as all are possible entry-points for cyber attacks, Accenture said.
Highlight of other survey findings:
- 45 percent of breaches aren’t detected by insurers for more than a week. About 9 percent take more than a month to spot.
- 84 percent of respondents said they’re confident about restoring normal activity after a breach.
- 85 percent of respondents said advance technologies are key to a secure future, but only 4 in 10 said they’re investing in machine learning, artificial intelligence and automation technologies.
For the study, Accenture surveyed 4,600 enterprise security professionals, including 821 from financial services (banking, insurance and capital markets). Out of that number, 411 were insurance industry executives. They represented companies with annual revenues of $1 billion or more in 15 countries. Accenture said the study was designed to produce greater understanding about how companies prioritize security, how effective their security efforts are and whether existing investments to combat the problem are sufficient.
As well, Accenture looked at cyber attacks from Feb. 1, 2017 through Jan. 31 2018.