Across the globe, cyber crime costs companies over $600 billion annually. This means that it’s more important than ever for companies to protect themselves from the staggering costs of hacking. Insurance companies are particularly at risk due to the fact that they deal with sensitive customer information on a daily basis.

A data breach could expose customers’ personal records, result in data loss, be costly both in terms of tangible and intangible losses, and significantly damage the reputation of the insurance company.

How can insurance companies stay up-to-date on the latest technological innovations while also ensuring maximum safety and security of sensitive data? While cybersecurity risks exist when a company attempts to innovate their processes, there is an even higher risk when there is no innovation. The perfect balance for maximum safety, therefore, is for companies to develop a cybersecurity policy and find ways to innovate and implement technologies in the context of their high cybersecurity standards.

Insurance companies, like other companies, have struggled to protect their sensitive data from the grasp of hackers. In the past few years, several high-profile cybercrime incidents have exposed customers’ personal information in several industries, including insurance. Health insurance companies are prime targets for hackers due to the wealth of personal information maintained by these companies. Data breaches involving health plans accounted for 63 percent of all breached records occurring between 2010 and 2017, according to researchers at Massachusetts General Hospital.

In early 2015, in what CSO has called the 13th worst data breach in history, hackers gained access to data belonging to Anthem, a major United States health insurance company. This breach jeopardized the personal information for nearly 80 million Anthem customers, and cost Anthem over $375 million, according to a report by KPMG.

It is essential for insurance companies to understand the significant risks associated with poorly protected networks and invest in cyber infrastructure to ensure that their networks are not an easy target for hackers. As society transitions toward an increasingly IoT-enabled environment, cybersecurity will only become more important as all of our everyday activities will be conducted on the internet.

How the Internet-of-Things Will Power the Next Generation of Insurance Technology

The Internet of Things (IoT) refers to the connectedness of everyday objects to the internet and/or each other. The IoT can include anything from personal mobile devices such as smartphones, to headphones, wearable devices, and even things like kitchen appliances. Objects in the IoT can communicate and interact with each other over the internet, and as such, they can be remotely monitored and controlled.

In the insurance industry, IoT is being increasingly used to reduce insurance premiums by streamlining the claims process. According to Forbes, customers can complete the claims process more easily by submitting forms via mobile app, rather than filling out several different paper forms. For example, Next Big Thing AG’s portfolio company Evertrace offers a straightforward platform for real-time tracking and management of claims in global supply management. Evertrace uses IoT to securely track cargo, as well as novel machine learning technologies to enable real-time analytics.


Evertrace's CEO Darina and CTO Gautier in the offices of Next Big Thing AG in Berlin. 

IoT connected devices which collect biometric and environmental data can also make it easier for insurance companies to determine risk and adapt insurance policies as needed. However, without adequate cybersecurity practices, the data collected can be easily compromised.

For example, in 2017, the Japanese insurance company Sompo Japan Nipponkoa collaborated with a Japanese taxi company to develop a new algorithm for transportation companies to offer personalized safety instructions for the company’s taxi drivers. The algorithm works by collecting and analyzing images, biometric information such as heart rate collected via telemetry, and vehicle data such as speed and individual driving behavior. Such information on driving behavior could be used to determine the policyholder’s level of risk and, accordingly, inform the monthly amount they must pay to obtain automobile insurance.

Why should Cybersecurity be Central to a Company’s Innovation Strategy?

As mentioned, the IoT has ushered in a new era in which insurance claims, risk assessment and policy determination have become simpler and more streamlined, which translates to fewer overhead costs and even better customer service. Sadly, the exact technology that makes IoT and its associated devices so convenient and useful – the fact that so much data is being collected by IoT devices, which communicate over the internet – can also set up users of IoT to be targets of cybercrime.

According to a report by James Lewis, senior vice president at the Washington, D.C. think tank Center for Strategic International Studies, poorly secured IoT devices represent a backdoor for hackers to gain access to valuable information or networks, and can also be hacked and used as powerful botnets that can launch large-scale denial-of-service attacks.

Interested in more content like this? Join our newsletter.

Subscribe now!

How can IoT be leveraged to improve Cybersecurity and provide better Insurance Solutions?

Lewis proposes several steps that IoT, and the internet more generally, can take to reduce cybercrime, in insurance and beyond. In particular, he suggests that basic security measures, such as software updates, should be implemented uniformly. Lewis also calls for increased law enforcement cooperation, tougher cybersecurity laws around the world, and penalties for countries that provide a haven for hackers and other cyber criminals. Without such actions, cybercrime around the world will continue to increase, opines Lewis.

Others in the cybersecurity community point to enhanced identity access management for IoT, such as multi-factor authentication. While IoT is a powerful and versatile new tool, without high vigilance in terms of cybersecurity, including standardized security measures, IoT’s cybersecurity challenges could be its undoing.

The AT&T Business blog offers several important pieces of advice for those seeking to boost IoT security. Firstly, understanding the “risk matrix” of IoT devices is essential in order to apply the proper level of security controls. Each IoT device should be assessed to ensure that it meets security standards. However, information technology (IT) professionals should also evaluate the applications which drive the IoT solutions, as well as the entire IoT ecosystem, to identify the greatest security risks. Automation, AT&T suggests, should be a key player in IoT security solutions, so that networks can be monitored for threats automatically and around-the-clock.

In the insurance industry, companies can work to be in compliance with Lewis’s suggestions by making sure that information technology professionals regularly update servers with patches and other fixes to stay one step ahead of hackers. Two-step verification and also good email hygiene practices could also benefit insurance companies. Two-step verification is a form of multi-factor authentication which requires entering a code sent to the user’s email or cell phone, and as such, adds an extra layer to security. Since passwords can easily be compromised, two-factor authentication adds a second wall that is more impenetrable to hackers.

Good email hygiene practices should also be taught to insurance company staff at all levels, as most of the high-profile hacks of the past decade have occurred as a result of people clicking on links from emails which they did not ascertain to be spoofed. Without proper email practices, employees may even enter their personal information on a hacker’s website, therefore directly delivering hackers the information they need to orchestrate their next devastating data breach and threaten the security of millions of insurance holders.

Blockchain as a Cybersecurity Tool in the 21st Century

Like IoT, Blockchain is one of the latest innovations in the high-tech industry. In blockchains, a growing list of records (called “blocks”) are linked using cryptography. Because the blocks cannot be modified and can be maintained across several computers, this makes blockchain technology indispensable to the insurance industry in a variety of applications. For example, blockchain can reduce administrative burden for healthcare providers by automating verification of claims and payments from third parties. With blockchain, insurance companies can view past claims transactions registered on blockchain quickly and easily.

Blockchain technology can be used to prevent fraud, offer better claims management and faster claims processing, and help record physical assets for property and casualty insurance. With blockchain, security and data integrity are preserved, while maintaining accessibility. IoT can be used in conjunction with blockchain to power 21st century tools to help better administer and provide insurance to policyholders.

For example, data collection and claims, which can be managed in a blockchain environment, can be further automated using IoT tools. Blockchain can help data remain safe, secure, and immutable. Blockchain combined with IoT can provide a powerful platform which collects and analyzes a large, diverse dataset, while also preventing data tampering. While blockchain technology today is primarily utilized in the fintech and cryptocurrency industries, as this technology continues to flourish, it will find applications in the insurance industry as well.

The Bottom Line

Over the past few years, a series of high-profile data breaches have exposed the data of millions of users. The insurance company has not been immune to such cyberattacks, as demonstrated by the 2015 Anthem hack which cost the health insurance company over $375 million.

Sadly, despite the fact that insurance companies deal with sensitive personal information, they have not been quick to embrace the latest security technologies, which has jeopardized the safety of their customers. Insurance companies which wish to maintain their reputation and avoid the damaging costs of a potential cyberattack must therefore rapidly innovate their cybersecurity infrastructure using the best available tools and practices. Especially given the ubiquity of IoT enabled devices in today’s society, security solutions must be holistic, rely on automated processes for threat detection and data monitoring, and consider all of the devices and the internet ecosystem at large.

Blockchain helps data collection be authentic, safe, and secure, and may be another frontier in the insurance industry’s quest for better, safer data management. Blockchain may be used, in the future, to power the industry’s essential functions such as claims processing and policy management.

While maintaining cybersecurity can be a formidable challenge in today’s era of interconnected devices and internet-enabled society, failing to provide adequate cybersecurity resources and maintaining a safe and secure internet infrastructure can have significant consequences. Poor cybersecurity practices cost companies millions of dollars in both the short and long term, and also can severely damage a company’s brand and reputation. Therefore, it is important for insurance companies to familiarize themselves with the latest advances in cybersecurity and ensure that their information security systems are modernized to deal with the latest cyber threats.

Stay in the know!

For our Framing the Industries article on the cybersecurity industry, we interviewed our CTO Jasmin Skenderi and asked him how here at Next Big Thing AG values and incorporates measures for cybersecurity in all businesses we develop.  

Never miss an update from our blog. Join the NBT newsletter.

Subscribe now!