Online data protection has, once again, been brought into sharp media focus this September. The hacking of the World Anti-Doping Agency (WADA) database was more than a little embarrassing for both the organisation and the athletes whose information was suddenly thrust into the public domain. Closer to our industry came the warning from the FCA that cyber-attacks against financial services were on the increase – at least 75 in the UK already this year – and that greater vigilance was needed.
It was a statement made all the more prescient a few days later, when the FCA themselves suffered a ‘major incident’ which led to outages across their own systems. And, while this was later attributed to a hardware issue rather than an attack, the principle remains the same. Whether the cause is technical or criminal, crucial and sensitive data can be at risk if your diligence levels drop.
It’s a point of huge consideration for financial service organisations, given the enormous flow of online data and the continuing migration towards cloud-based applications, which makes now a good time to take stock of what is expected of businesses when it comes to online data protection and remaining compliant.
The FCA has no problem with the cloud
So says the FCA guidance publication on financial companies’ use of cloud-based applications and third-party providers.
Central to this statement is the bit that says: “Appropriate consideration.”
Because absolute responsibility for the protection and safe-keeping of data is with the financial organisation, NOT the third-party cloud provider.
The cloud is an acceptable environment for data storage and transfer, but you must have carried out due diligence and risk-assessments to demonstrate that all reasonable measures have been taken in relation to data protection.
The PwC report, Insurance Banana Skins, notes that cyber-security is the primary concern of insurance companies, given the type and volume of data they store. Making the appropriate checks and assessments is imperative to guard against the effects of data loss, as well as against falling foul of industry regulation.
What you’re looking for in a provider
Let’s be clear: cloud computing offers exceptional new-age advantages for insurers and brokers alike, from real-time customer insight to the streamlining of sales, delivery, reporting and management of schemes.
It is the direction in which the industry is heading and a key focus area of this year’s BIBA conference. As an industry seeking to progress and keep pace with modernity, we must embrace these technological shifts and shed the fear.
But that does not mean we dive blindly into new partnerships.
In order to have faith in the technology we use, common sense dictates that we are diligent in our research. The insurance industry is founded upon the management of risk. Adopting cloud technology should be no different.
- Maintain control of your data – As I’ve already mentioned, you are responsible for data integrity, regardless of whether you use a third party or not. When you work with a cloud provider you need to know where and how the data is stored, ensuring it is retrievable and usable as and when you require it. Furthermore, you need to be clear that it’s stored in a suitably segregated fashion.
- Security – THE critical issue for an industry where data is so integral and sensitive. It might feel like a virtual wild west with all these different cloud applications springing out of the ground. Working with a provider who offers encryption, biometric locking and robust data back-up processes will offer peace of mind that your data is as secure as it can be, and that you are meeting compliance standards as laid out by the FCA.
- Accessibility – Compliance rules dictate that, should there be a requirement, your provider should have a premises which is accessible to you, as well as auditors, and that any data can be accessed whenever required by you or for audit and inspection purposes. Which is why working with an industry-specific organisation, populated by real, live, actual humans, is always a good thing.
We have to recognise that we live in a world of heightened cyber risk. Of course we do. However, this is a risk like any other, where sensible protocols, reputable partners and diligent assessments can make a significant difference when it comes to repercussions. There’s no such thing as a 100% risk-free environment. If there were, there’d be no insurance industry. Cloud applications are as safe an environment for data as you are likely to find, as long as you manage them properly.