A recent story by Bill Kenealy, posted on the Insurance Networking News website, makes the point that if the financial crisis reminded the insurance industry of how exogenous events can test its risk management mettle, then the recent flare-up surrounding the disclosure of classified documents by WikiLeaks should provide a potent reminder of some of the risk challenges presented by information security controls within organizations.
While much of the heat around WikiLeaks centers on the legal and geopolitical circus surrounding founder Julian Assange and on how difficult it is to restrict the dispersal of information in the Digital Age, for insurers the real story is how the site managed to compile troves of internal data from government agencies and corporations in the first place. And, with insurers possessing huge amounts of customer and operational data that is vulnerable to both accidental and purposeful disclosure, the need to adopt best practices for information management is imperative.
With insurers storing vast amounts of potentially sensitive or embarrassing information, a risk mitigation culture must pervade the total enterprise, and a commitment to integrated risk management policies and procedures must come from the highest levels of the enterprise to be effective and ongoing.
Do you believe the insurance industry is doing a good job in mitigating its internal and external information security and control risks?
Perhaps you should read Mr. Kenealy’s article, along with the recent reports it references on this topic (e.g., Lloyd’s recent survey results report, entitled “Managing Digital Risk: Trends, Issues and Implications for Business”), before answering this question.
If applicable, please pass this information along to the information security, compliance risk management or enterprise risk management team members in your organization.