Bitcoin, the alternative currency, is changing the way that the world operates. It uses a decentralized system to create a secure and anonymous payment system that can be used nearly anywhere in the world. The currency has not been without its ups and downs and the value of a bitcoin has become immensely volatile with a single coin being worth anything from $200 – $1,000 in the last year alone.
The blockchain is a database that is shared continuously by every node within a system; it is held in a distributed form which is fully encrypted. There are no requirements for third party checks of the system to validate a transaction or coordinate interactions within that system.
In essence it provides a system which is completely secure and which requires no central authority to work effectively.
Insurers currently provide four functions (from a financial perspective) they check the existence of something to be traded (a policy), they prevent duplication of transaction (e.g. no policy is sold twice to the same person), they handle disputes that arise from transactions and acts as representatives of their clients.
All of these functions could theoretically be duplicated by a blockchain. And insurers will be concerned to learn that the functionality of a blockchain could then provide:
A smart contract is a self-administered policy; one which is fully automated and in which the owner of the policy remains fully in control of that policy at all times. They would be able to upgrade and downgrade coverage as needed and without ever consulting the insurer directly.
Decentralized Autonomous Organizations (DAOs)
Bitcoin was the first DAO. It doesn’t necessarily follow that an insurer would be happy with this model of running a business in that the insurance DAO would literally exist outside of the law. A well-developed blockchain which was self-sufficient could provide enough security for people to move to an insurance model beyond traditional regulation. This would deliver new risks for consumers of insurance but substantially reduce the operating costs of an insurance business.
Increased Security in Policy Administration
While it is impossible to say that any technology is completely secure; no-one has yet managed to break the encryption and decentralized architectural approach of a blockchain. That means an identity created within a blockchain would be completely unique and offer a higher level of security that the insured party was who they claim to be and offer a greater sense of online security in general than say authenticating with social media (which requires no such identity development and can easily be faked).
It appears that the insurance industry could reduce costs and increase reach to any market simply and easily with blockchain technology. However, it remains to be seen whether any current insurer is willing to take the leap of faith required to put this into action. If they do not; it is almost certain that a new breed of insurer will arise to do so. The reduced administration costs and increased levels of security are both major benefits to customers even if they are challenging for the current insurance model to handle.
It’s not a mark of shame to have your data breached; it happens to the biggest companies on earth – cyber-criminals have large amounts of resources to their name and spend a lot of money breaking into other people’s data. That means insurers need to examine their preparations for what should happen when their data is accessed without authorization while still taking every precaution to prevent such a breach in the first place.
There are numerous tools that analyse the traffic that passes through a network; you need to ensure that you have the right people in place to examine these analytics and identify when a breach may be occurring. The earlier that you can identify an attack; the sooner that you can stop it. It’s not an easy task to identify suspicious behaviours but it must be done to minimize the impact of a breach in security.
Plan for the Day Disaster Strikes
It is vital that your IT team has a plan in place to handle any incidence of data breach. That means having a dedicated response team as soon as any event is detected. It means ensuring that your decision making hierarchy is clear and that the priority is to protect your data at such a time with other operational issues taking a back seat until the breach is sealed. You should also have a clear communication’s strategy in place; how are you going to inform the board, how will you protect your brand image, how are you going to tell anyone that their data has been affected and how will you let the wider world know what happened?
Test Your Plans
The best laid plans have a horrible habit of falling to pieces in an emergency. If you want to ensure that your plans are robust; you need to test them. You can run simulation exercises and find any weaknesses in the plans and fix them.
Keep Up to Date with Technology
A constant source of easy access to networks for hackers is companies that fail to implement manufacturer’s security patches. You want to make certain that you have a strong patch management strategy in place. You may also want to examine ways to beef up password security to prevent breach through employee logons.
In The Event of a Breach – Record Everything Happening on the Network
Those network analytics packages come in handy when a breach occurs too. You can use the data they generate to examine the event once you’ve sealed the breach. If you can identify the behaviours that led to the attack – you can watch for them in the future. If you can see how the attack operated; you can beef up safeguards on the areas of the network that hackers were trying to exploit.
Run a Security Driven Corporate Culture
Time and time again; it is human failures that make it easy for hackers to gain access to networks. It has been repeatedly demonstrated, for example, that people will often handover their work machine passwords in exchange for minor incentives (like a chocolate bar). If you make data security a fundamental part of the business culture you can prevent many of these easy points of entry for hackers.
That means developing training and a management culture that supports employees to make the best decisions when it comes to data security. This needs regular reinforcement – one off events aren’t going to make a long-term difference.
It’s unlikely that any company in the world of finance is going to remain untargeted by hackers over the coming years. Even the greatest level of security precautions can fail. It is as important to be prepared for a data breach as it is to attempt to prevent such a breach in the first place. A series of simple actions can make your data protection policies much more robust.