The recent settlement against Nationwide Insurance ended with the statement that “this settlement should serve as a reminder that companies have a responsibility to protect consumer’s personal information”. And how are they managing that? How are any of the carriers managing that?
As I have stated in prior blogs, in reference to AI – 32% of insurance executives said their own company would be transformed within the next three years; 79% think it will revolutionize information collection, and 55% said they need better data analysis and insight on the key benefits. Still, many are just now coming out from under the disk operating system (DOS) – some haven’t even started.
One of the carriers I worked for would send out emails as ‘tests’ to see if we employees would open them. They would send emails promising funny Halloween costumes, a goodbye from a disgruntled employee, and a vendor offer. Of course, we all opened them, just to get our hands slapped. Meanwhile, they’re still using disk operating systems.
If you recall, back on May 12, 2017, there was a huge ransomware attack on Microsoft systems. What made these systems easily hackable was that they had not been updated with the much-needed patch.
The problem that I see is this: while carriers are updating their systems, are they keeping their DOS files properly updated and protected? I have been told by more than one carrier that they have ‘stopped updating’ their DOS systems because it’s not relevant any longer, but they are keeping them active because the information/notes are needed.
The result is that employees are being tested for their resilience while systems are still in the dark ages. I think the industry watchdogs need to think outside the box and begin monitoring the progress of computer systems and the security of the information within them.
Sometimes having the cyber insurance isn’t enough; it would set many of us at ease to know this is being done.