The need for information security (infosec) is nothing new. But the game is changing in 2017. As the IIA.org blog reports, “As the IoT leads to more connections between people and machines, cyber dependency will increase, raising the odds of a cyber-attack with potential cascading effects across the cyber ecosystem.” The October 21 distributed denial of service attack (DDoS), which left thousands of websites inaccessible, is a grave reminder of our corporate vulnerabilities.
Ransomware, the work of online extortionists, has also become commonplace, with infections growing threefold between January and December 2016, according to security firm Kapersky Lab. Tripwire.com reports that in December 2016 alone, 32 new ransomware samples emerged and 33 existing strains were updated. Hospitals, government agencies and even insurance carriers have been hit.
A little cyber history
Since 2005, we've seen more than 4,500 data breaches hit public record, according to Privacy Rights Clearinghouse. Every year, the Verizon Data Breach Investigation Report announces new numbers. As the global volume of data grows year over year, opportunities for theft grow, too.
It's not just small, inexperienced companies falling prey to hackers. Some of the biggest breaches in history have happened to some of the biggest players, many of them for exposures that really should have been caught sooner. For example, everyone knows it's important to set a strong password, right? Yet just last spring, Verizon found that "63 percent of confirmed data breaches involved weak, default or stolen passwords."
It's not just big players either: hacking can be automated, and some criminals prefer to streamline their efficiencies with low-yield, high-volume attacks. Don't forget: cybercrime isn't just a pastime. It's a growth industry.
In other words, no one's safe. That's true on a philosophical level (beware anyone who guarantees security outright, because the reality is, any defense mechanism can theoretically be cracked); it's also true on a practical level, as too many companies continue to neglect the simple best practices that could have kept them safe.
How does this topic come home to roost? According to a study by Experian Data Breach Resolution, businesses dealing in essential services should prepare for "full-on" attacks in 2017.
Business Insurance provided the highlights: expect cybercrime to get offensive. Corporations that have been hacked before may see old usernames and passwords sold all over again on the dark web in "aftershock" breaches. Payment system attacks will evolve and adapt. A lack of international agreement on "rules of engagement in cyberspace" will allow attacks to proliferate.
For healthcare organizations “mega” breaches are predicted, in which attacks on insurance wander into attacks on hospital networks. Anything connected, from OBD dongles, to autonomous cars, to connected homes have hacking potential. Johnson & Johnson recently issued a warning that even insulin pumps could be hacked. For insurers the risk is two-fold: They need to be concerned about their own systems and data being hacked and they also need to be ready for the implications of their policyholders being hacked.
For example, if you’re running a usage based insurance program that relies on dongles, and your dongles are hacked, causing drivers to lose control of their cars and crash, what are the potential implications?
While we urge all insurers to be vigilant and prepared for emerging cyber risk scenarios, we want you to know that at Silvervine Software, we practice what we preach.
Last spring, we completed our SOC 1 No. 16 Type 2 Exam. That's infosec-speak for having passed an intensive security audit administered by a qualified third-party. As we've said, "Companies who complete an annual SOC 1 examination are able to demonstrate a substantially higher level of assurance and operationally visibility than those companies who do not."
In summary, we offer highly secure insurance software as well as secure hosting services with a Mirrored Failover Option that provides internal redundancy at two secure locations more than 100 miles apart. Learn more here or request a demo.
The FedNat Insured Web is a great tool for our insureds!
They like having a centralized location to view policy info, make payments, upload policy documents, and elect to become paperless to receive a discount.
The insureds also can file a First Notice of Loss for a claim and access exiting claim info. Silvervine recently enhanced the site which allows insureds to upload policy documents directly to their policy. The uploaded docs go directly into our workflows and save a lot of manual effort on our part.
From my visits with agents, the agents appreciate the app for the amount of time saved on having to download and attach photos directly to the policy.
The app can also reduce the amount of staff required for a busy office to fulfill underwriting requests for photos.
When training agents they are amazed at how quickly the photos attach directly to the policy. After taking photos using the app and before they make it back to their desk, the photo is already attached to the policy. They also like the ability to attach additional photos for pre-existing damage.
Customer Service is seeing an improvement with retention as the text message definitely triggers phone calls from insureds to make payments.
The insureds love the fact that we notify them on their phones because they state that sometimes they don’t receive their mail for various reasons.
The insureds are paying more attention to the texts then to their actual mail. We try to set all of our customers up on that option if we notice that they are not currently enrolled, as it builds great customer relations as well as retention.
As a company we have adopted the use of Policy Scan for all our policies, and our agents have adopted the use of the app as well.
Not only is it easy to use, there is also no more worrying about losing photos, having to store photos or photos being attached to the wrong policy.
With Policy Scan we have increased efficiency in our workflow and reduced our exposure on the risk.
Silvervine’s core administration solutions easily handles multiple carriers within multiple states, including accounting, payment processing, immediate policy issuance and endorsements.
What started out writing one product, one line in one state has now grown into mulitple products, multiple lines and writing in multiple states. We have over $95 million in annualized premium in-force and we expect to grow by 20% during the next year all serviced by Silvervine.
Silvervine was our insurance software system of choice when we started the company in 2006. Silvervine enabled us to begin business within a few months of licensing the company. Today, we are one of the top 20 homeowner’s writers in Texas and SIlvervine’s solutions have been an integral part of our success.