The advent of mobile devices and powerful new apps has allowed insurance companies and customers to “connect” as never before. But experts say the security of the most popular consumer smartphone platforms combined with the rising ubiquity of malware poses alarming risks to both consumer and insurer.
While mobile access to insurance policies has added convenience, smartphones using open platforms like Google's Android operating system leave consumers increasingly exposed to security breaches.
"The amount of malware out there [for Android] is astounding, and these devices are inherently insecure," said Kirk Herath, chief privacy officer for Nationwide. "The reason they're cheap and scalable is because they're insecure. A lot of people didn't like the BlackBerry because they couldn't download a ton of games and apps. But that's because it's a closed system, and it's 100 percent secure."
Compounding the problem is that customers like the convenience of mobile policy management, bill payment, claims reporting and balance checks. Customers have decided to place the security issue in the insurer’s corner, which means insurers must be proactive to ensure security whenever customers use today’s increasingly vulnerable mobile devices and apps.
Roy Post, chief information security officer for New York-based AXA Equitable believes security safeguards should be introduced at the start of new customer-facing initiatives, and not patched on as an afterthought. To make sure that happens,Nationwide's Herath believes security executives should learn to plug themselves into the process so their advice is received with credibility. "I see from most of my peers—when you start a program at any company, you start out unplugged, then you learn to plug yourself in," said Herath. "If you're a complete wet blanket, they'll figure out ways of working around you. Then it's the worst of both worlds—you can't get your job done, and they've introduced tons of operational risk into your business that will eventually come to roost in some sort of financial loss."
Herath feels it’s also a good idea to set up limits for acceptable risk. Insurers need to weigh the benefits of customer wants and needs vs the relative risk of a mobile app. There’s no perfect scenario here. "Mobile devices aren't architected for security—they're architected for ease of use," said Herath. "There's a constant balance we go through between ease of use and security. We understand if we locked everything down tight as a drum, we'd be totally secure, but we'd have no customers."
Post believes it’s wise to separate a company's app from other dangers inherent in a mobile device. "With Windows we had a monoculture,” explained Post. “Some were concerned that a supervirus would come out and attack all Windows machines anywhere, but that never happened. And now that we have iOS and Android and Mac in addition to Windows, what that now means is that we have to have deep expertise in not just one OS, but five."
Mobile devices and emerging apps pose a variety of security risks to insurers and their customers. To protect both means getting involved early in the integration of programs that will ultimately mean more business for insurers and easier access for customers.
Image courtesy of Idea go/FreeDigitalPhotos.net
Become a member to take advantage of more features, like commenting and voting.
Register or sign in today!