Our panelists had some interesting stories and insights, as well as sage advice for protecting our valuable insurance data from pilfering. What was even more fascinating, however, was what we heard from audience members. When I asked for a show of hands on how many of their organizations had dealt with an unauthorized intrusion, only one brave lady raised her hand.
This was amazing, in light of the fact that almost every company has been attacked, regardless of whether the attack has been successful or not. I can appreciate that many would not want to admit their enterprises are not completely bulletproof, but then again, there is no enterprise that is completely impervious to attack. So where's the shame in that?
One audience member guessed the others may not have realized they had been attacked -- supposedly their security systems handled the intrusions seamlessly. That may be, but most systems will let you know that someone has tried to get in, even if they weren't successful.
Are we really so complacent that we can ignore the obvious -- and now highly publicized -- risks to the data that are the lifeblood of our companies?
That question may have been answered by our audience as well. Asked what security issue concerns them the most, not one in the group gave a response.
So, if they're not concerned about data security -- and they don't believe they have been attacked -- why come to this session at all?
Perhaps this is one of those things that happens to someone else, for example The Hartford, but not to me.
In my introduction to the session, I pointed to a Wall Street Journal article that reported the FBI's top cybercop believes we (honest users of the Internet) are decidedly losing the war against cybercrime.
"We're not winning," said FBI Executive Assistant Director Shawn Henry, adding that the current public and private approach to fending off hackers is "unsustainable.'' Computer criminals are simply too talented and defensive measures are too weak to stop them, he noted.
What part of this reality does our industry not get?
Are we in complete denial, despite the fact that some in our own industry have been hit?
I suspect this is not a case of denial, but rather an example of "learned helplessness."
The vibe I get from many in our industry, although I think few would admit it, is that we believe there is nothing we can do about cybercrime, so we just shrug our corporate shoulders and write off the losses.
If that's what's happening, it is a dangerous course to chart. High-profile hacks into our systems are likely to be reported in the media, and that will likely shake the confidence of our insureds.
Much of the information we have on insureds is sensitive and private, and valuable to identity thieves and other criminals. We simply can't afford to lose the trust of our insureds by ignoring such a virulent threat.
ARA TREMBLY, founder of Ara Trembly, The Tech Consultant, writes about insurance and technology. He can be reached firstname.lastname@example.org.
July 24, 2012
Copyright 2012© LRP Publications