The number of cyber attacks is on the increase and so is their level of sophistication. Because insurance companies are data driven businesses holding vast amounts of customer data (personal information, health and financial data), cyber attacks are a real threat and should be prioritised as one of their key operational risks. Most of the attacks against insurance companies have taken place in the US but insurers in Asia cannot afford to be complacent. In 1997, a multinational insurer in Singapore lost the personal data of over 5,000 of its customers as a result of a cyber attack. The cyber attack on the Marriott hotel group which compromised about 500 million guests’ data is a stark reminder of how devastating an attack can be. There is a pressing need for insurers to establish robust cybersecurity frameworks to protect their business data and the personal data of their customers. The issues faced by insurers which seek to improve their cyber resilience are not trifling as many of them are still using legacy systems which they chose to patch up. The increase in the volume of data collected across various business applications adds to the complexity of the situation. Yet, it must not be forgotten that intrusions in the system can happen as simply as a hacker stealing the identity of a claims processor.
