Risk, reward and cyber-scurity
2014/09/03
[avatar user="cbeattie@celent.com" size="thumbnail" align="right" /] For most people the amount of time, skill and effort required to get access to our family photos far outweighs the possible value someone would find there in. Thus, security measures based on making it really quite difficult to get to the data while at the same time not too hard to use have become increasingly popular. I would file username and password security in here. Occasionally, the digital assets on the other side are valuable to the right group. Banks use 2 factor authentication and a variety of non-digital schemes to ensure security. Even World of Warcraft where rare digital swords and armour carry their own value offer broader measures of security to protect accounts. The recent leak of a number of celebrities private photos shows that there are other assets worth the time and effort required to break this level of security. The risk associated with the data insurers hold has to date been quite minimal. There are health, specialty lines and large commercial lines where this isn't the case, but for most people the data held by insurers and available through portals is largely innocuous and available through other means. As insurers start to tap into wider data sources and the Internet of Things it is imperative that the industry considers how it protects it's customers. A simple example from products available today: some insurers likely hold the real-time location of the car driven by celebrities and millionaires children, thanks to the increasing popularity of telematics based car insurance. This brings with it increased security, the opportunity to recover the car if stolen and the opportunity to bring much needed assistance swiftly if the car and driver suffer an accident. In the wrong hands this data is sadly highly valuable and thus worth the time, effort and risk to assault and try to recover. Whilst the details around the leak are still emerging it is clear that it is incumbent on the providers of these services to offer sufficient security in the first place and to educate it's users on appropriate use. To insurers looking at cloud and portals, I say consider the edge cases - the celebrities using your security for instance, those for whom there are organised groups who would be rewarded for getting the data. Take into account the type of data available through various security schemes and portals, some information is naturally less sensitive. No one will read a story about a film star's driving score and premium due next month, but where they drove and when - well maybe that's a headline you don't want your name associated with.