Managing digital content for security and compliance in insurance
Security and compliance, once mundane and low priority, are now rising toward the top of the priority list for insurers – and are anything but mundane. The implications of failing to place an elevated importance on these areas can be significant in terms of cost, resources, and company reputation. These interdependent areas are all about properly managing digital content.
Insurers that have a deep understanding of their content are able to manage versioning of content components and have the proper authentication and authorization in place to access and use that content in various ways.
The many dimensions of compliance
In the U.S., P&C insurers alone must deal with more than 10,000 regulatory changes per year. Meanwhile, life insurers are racing to comply with the new Department of Labor (DOL) Fiduciary rules.
Imagine a global insurer operating across many countries and many lines of business: staying in compliance becomes an enormous task. Beyond regulatory compliance, insurers must also comply with internal corporate standards and brand guidelines, as well as departmental-level standards.
The implications of non-compliance are quite significant. Missing regulatory deadlines or producing policies or customer communications that don’t meet regulatory requirements can result in large fines. In addition, non-compliance with internal standards can result in inefficiencies, rework, and errors, which may sometimes affect producers or policyholders. Producing documents that do not comply with corporate brand standards may also create market confusion or result in negative customer perceptions or poor customer satisfaction.
Thus, compliance is mandatory. It can be time consuming and frustrating, and there are costs and resources involved. This explains why automated solutions have become necessary for insurers to help make digital content management easier.
The 3 categories of security issues
It seems like major breaches are in the news every day. In this age of hacker bots, ransomware, phishing scams, and AI-driven cyberattacks, no company or individual is safe.
That said, there are really only three categories of security issues:
- Insider threats
- External threats
- Non-malicious acts that may cause data loss
As many as half of all breaches are due to insiders. Insider threats can be challenging because many people in your organization have access to various levels of data.
Many people, businesses, and governments are also rightly concerned about external threats from criminals, terrorists, activists, and nation-states, as well as groups involved in corporate espionage. Cyber threats are especially sensitive when it comes to personally identifiable information (PII).
In the European Union, the General Data Protection Regulation (GDPR), scheduled to go into effect in May 2018, is designed to address just that. Preparing to meet the GDPR requirements is a big deal. Companies have been preparing for quite a while, and it will affect companies of all sizes, including companies in the U.S. that do business with or deal with individuals from the EU.
In addition, the vast amounts of digital data insurers collect, create, and manage result in exposures that are non-malicious. Physical accidents such as fires, digital accidents such as inadvertent loss of data, or improper access controls for digital data may result in security issues.
Unfortunately, cyber exposure may get worse before it gets better. As the world becomes more connected via the Internet of Things, wearables, and autonomous vehicles, the amount of data increases. And the security exposures increase as well.
Recommendations for insurers
The big question is what insurers should do to better manage their digital data to ensure compliance and reduce security risks.
Fortunately, insurers are proactively addressing these issues. SMA research indicates that both P&C insurers and life/annuity insurers rank security among their top five tech projects for 2018.
In addition to these projects, here are the key recommendations for insurers:
- Create a security layer
A well-thought-out security layer should be part of the overall digital strategy and technical architecture. This requires insurers to develop a security architecture and implement world-class solutions that go beyond the basic firewalls and malware detection capabilities.
- Build in cyber-awareness
Every piece of software in the enterprise should be cyber-aware and provide the APIs or other similar linkages to security software solutions.
- Consider the role of two Bs: biometrics and blockchain
Technologies in both of these areas could become essential in tackling the complicated issues surrounding security and compliance. Biometrics technologies are advancing rapidly, providing new ways to ensure that only authorized individuals have access to specific data or apps. Blockchain also has the potential to increase the security of data exchanged between insurers and their partners.
Most importantly, insurers need to leverage world-class, comprehensive solutions that manage digital content across the enterprise. Enterprise content management systems and their advanced, modern versions that enable broad-based content services are foundational. These solutions allow insurers to manage regulatory and internal compliance and support the sophisticated levels of security that are now required for insurance enterprises.