Insurers warned of data risk as firms move to self-service

Font Size


A cyber security expert said insurance firms adapting to new processes during the pandemic must be aware of the security risks and take steps to minimize the impact of data theft.

Red Rock IT Security Forensic Analysis Director Raymond Nuñez said one of the measures he recommends for insurance firms is to keep active claims in a separate database to mitigate the damage from data theft in a “minimalist” way.

“It should be a minimalist approach always. What kind of information do I need? Make the main database push other information to the separate database, so in case the latter gets breached, there’s no path to the former database,” Mr. Nuñez said in a recent webinar organized by the Philippine Insurers and Reinsurers Association.

Information technology (IT) personnel must also update their databases to narrow the exposure to cyber attack happens.

To further ensure that information is received properly, Mr. Nuñez added that insurers can always confirm transactions through phone messages.

“Once the claim is fulfilled, you can pull it out from the database or you could just text the client about the claim, so there’s a minimal risk of exposure,” Mr. Nuñez said.

Another risk was highlighted on the panel by the Insurance Institute for Asia and the Pacific, Inc. (IIAP), which flagged self-service tools as a potential source of risk as the industry undergoes digital transformation.

“To be competitive, you have to digitally transform. One of the dreams of insurance people is we want our claimants to check the status of a claim by themselves without the need for contacting anybody from the company,” IIAP Executive Director Francisco D. Papa, Jr. said.

He highlighted the value placed by data thieves on stored information with long shelf lives – information that is impossible to change in case of a hack.

“Insurance and health data are sold in underground markets. They have longer shelf lives and technically not replaceable. If your password gets breached, you can replace it. But if your fingerprint data gets breached, it would be difficult to replace it. That’s the idea,” Mr. Nuñez said.

Internet security firm Kaspersky Lab said the Philippines was in fourth place in its 2019 ranking of countries with the highest number of web threats, up from 11th a year earlier.

It detected 28 million Internet-borne attacks against Philippine-based Kaspersky users last year, or 44.40% of the Philippines’ total number of Kaspersky users. — Kathryn Kristina T. Jose