Insurance companies should not ignore the changing technological landscape
By means of
For many in the insurance field, technological advances may present a new caliber of vulnerabilities to worry about. However, a more risk-based approach to cyber security rooted in a maturity-based model will allow the industry to keep up with the pace of modern life without sacrificing its diligent surveillance.
“These innovations are an opportunistic risk,” said Benjamin Dulieu, chief information security officer at Duck Creek Technologies. “There is a yin and yang in adopting new technologies, but the benefits are beginning to outweigh the drawbacks.”
Speaking to Insurance Business, Dulieu outlined how to gain a solid footing in the ever-evolving world of cyber threats and how his training in the United States military helped prepare him for in the world of insurance.
Cyber security is a constant battle
Throughout the past decade, the need for strong cyber security for businesses large and small has only gained momentum, becoming one of the most talked about events in the entire industry.
It has also become a hot topic among insurers, as the landscape is constantly evolving and requires security professionals to always be ahead of the curve.
“Once a vulnerability is handled by cyber security professionals, a new code is written months later that builds on the weaknesses of the previous iteration,” Dulieu said. “This means that threat actors are becoming more and more attentive to how to circumvent the protections and security measures that are put in place.”
“These ‘script kiddies’ realize it’s easy to attack vulnerable businesses without much of a cyber threat background,” Dulieu said.
Businesses must be prepared for risk, and responses must include action based on creativity.
“Having a fundamental cyber security program rooted in a maturity-based model is more important than ever,” Dulieu said.
He highlighted the National Institute of Standards and Technology (NIST) and Control Objectives for Information and Related Technologies (COBIT) frameworks as models for advanced security measures that should be used for cyber security measures. “If you follow any of these frameworks, you organically and intentionally have data hygiene and follow the best security practices.”
The most recent development is the zero trust architecture, which requires authentication and authorization at every stage of interaction between a user and a network, creating barriers for threat actors to navigate.
“Industry is the last to tap innovation and change”
For Dulieu, the insurance industry has a bad reputation for its luddite tendencies, and while this may be warranted in some respects, it sets the industry back in terms of a holistic evolution.
“The industry is still using outdated technology and old-school databases,” he said. “There is a whole reservoir of untapped potential that these developments can offer, and they can certainly be adopted without losing sight of the larger, risk-aware insurance framework.”
Generative AI technologies like ChatGPT offer an opportunity to help streamline productivity and help strengthen security measures; Another opportunity is to adopt cloud-based security.
“‘Migrating to the cloud’ is an old term now but it brings a new way of looking at security architecture,” said Dulieu.
“If you don’t have that experience now, you’re behind. You need to know how to protect the cloud environment, which is not the image of a castle with fortified walls like the security infrastructure in place.
“Understanding, empathy and compassion move a team towards a common goal”
Dulieu’s entry into the insurance industry was an event, but there were foundational connections to his training as a command and control systems officer in the United States Marine Corps.
“I really thought I’d go into the sales realm, but my Marine Corps training primed me for a cyber security venture,” Dulieu said. “My foundation in technology has really opened these doors for me to break into governance, risk and compliance roles.”
Dulieu’s time in the Marine Corps instilled the values of collective team building and accountability. “As a leader, I am responsible for everything I do and fail to do, including the team I manage,” Dulieu said.
“It requires a need for understanding, empathy and compassion to bring a team towards a common goal.”
Dulieu also knows the importance of making everything a process. “If you don’t make things repeatable, then you won’t know the efficiencies and inefficiencies he says.”
“This is especially true for cyber security, where everything must be formal and scalable, with the ability to adapt, but reliability is key.”
Keep up with the latest news and events
Join our mailing list, it’s free!