By CYRIL TUOHY, managing editor
The good news is that financial services companies, insurance carriers included, are generally well protected against the online viruses. The bad news is that the more a company chooses to outsource its competencies, which companies are doing more of, the more vulnerable a firm is to network piracy.
"Compared to the general grouping of American industry and certainly international industry, I would say that financial institutions including insurance companies are doing a better job than most," said Clinton. "Whether or not that's fully adequate is a separate question."
Risk managers are for the most part aware of the outsourcing risks, and insurance carriers are, luckily, well defended against such breaches. But in case risk executives needed a refresher on the financial horrors of a data breach, they can look at how the past 18 months have been brutally expensive for some retailers--and that's not even counting the recession.
In March, Hannaford Bros., a Maine-based supermarket chain, announced that 4.2 million credit- and debit-card numbers had been exposed. The first indications of a breach occurred last December, but weren't publicly announced for three months.
In 2007, discount retailer TJX Cos. announced it had been the victim of a computer systems breach in which the identity of more than 45 million customers had been exposed, costing the company more than $256 million.
The breaches affecting the retailers have been simple credit-card transactions, but a Gartner survey based on interviews with 50 U.S. retailers found that 21 of them were certain that they suffered a data breach, according the IDG News Service last May.
THE SUBCONTRACTORS WEAK LINK
Any data that travels across the World Wide Web is vulnerable to theft, according to Clinton, and as companies choose to hand over key functions to other subcontractors, the risk of a breach goes up.
"One of the biggest areas of vulnerability now is that people share their data through outsourcing agreements, and some of the organizations that do a really good job at their own cybersecurity do a terrible job at monitoring the security of the people they're outsourcing their data to," said Clinton.
Workers' compensation and disability managers, for example, are more favorably disposed than they were two years ago to subcontracting or outsourcing many of their company's back-office insurance activities.
Policy processing, claims processing and adjusting, bill review, document management and data analysis are more likely to be done by subcontractors offshore than they were two years, according to a 2008 survey by Maddy Bowling & Associates Consulting, a workers' comp advisor.
BIGGER = BETTER?
As a rule, said Clinton, larger companies across all industry sectors tend to be less vulnerable to breaches than smaller companies; as are companies operating in the information technology, financial services and defense sectors.
He agreed that corporations have improved securing their data over the past decade, but he said that the improvements are uneven and that the "lack of uniformity about this is really a big problem."
January 20, 2009
Copyright 2009© LRP Publications