The State of Mobile in Insurance Firms
The adoption of mobile devices within enterprises allows employees to become more agile, productive and facilitates work on the go. This trend has been demonstrated within the insurance industry where firms have embraced digital channels both for their customers and employees. Despite the numerous benefits that the adoption of mobile brings to the workplace, it also brings a slew of new challenges, risks and costs.
This article is based on a Wandera report which used analysed data from the mobile estates of 25 leading insurance firms which collectively comprise of more than 10,000 iOS, Android and Windows 10 devices. The anonymised dataset was used to analyse six months of activity on an aggregate level, providing insights that reveal the current state of mobility inside the typical insurance firm.
THE DATA EXPLOSION
The amount of mobile data consumed on work devices has increased rapidly. In fact, at the end of 2016 the volume of mobile web traffic surpassed desktop for the first time, and it has remained above ever since. This explosion, as well as the fact that employees regularly use work devices for personal usage, has left many insurance companies spending huge amounts on mobile data – it’s clear to see that the financial burden of embracing mobility can be significant.
THE PROBLEM OF SECURITY
It’s not just data usage on the rise; security incidents are also occurring with growing regularity, the ways in which attackers are targeting companies are increasing in both variety and sophistication.
As for the insurance industry, the rise in mobile security events has led to new opportunities as well as new problems, meaning more risk managers want insurers to cover against such attacks. Whilst this provides new opportunities to move into new markets, it also puts more pressure on security leaders to ensure all forms of their own cyber risk are at a minimum.
RECENT SECURITY BREACHES IN THE INSURANCE INDUSTRY
In a study by Accenture, insurance companies were found to be experiencing an average of 113 cyber attacks a year. Around a third of these were successful. Even more worryingly, in most of the instances the company did not know it had been hacked until the damage was done.
Allied Property and Casualty Insurance Company, which were fined $5 million from a breach including 1.27 million customers
Insurance companies were found to be experiencing an average of 113 cyber attacks a year
As the insurance industry has been a main target for hackers for many years now, nearly all companies have well-establish security systems in place, particularly when it comes to their core IT systems. Unfortunately, too few companies have invested in mobile security the same way.
So, why are insurance companies taking this risk?
1. Employers don’t want to upset employees
Employees seem to understand that work laptops are for work purposes, this expectation however is less present when it comes to mobile devices as the relationship of ownership and privacy is balanced differently.
2. Lack of knowledge around the risks associated with mobile
There is a mistaken feeling within insurance firms that mobile devices are already sufficiently protected. Erroneously, Apple devices particularly are thought to be entirely secure. However, because of lack of education and knowledge around the vulnerabilities on both iOS and Android has led to consumers underestimating the risks associated with mobile devices, for example resting upon the assumption that phishing only takes place through poorly written emails Hackers are wise to the fact that mobile devices are the weak link in a company’s defences and are using them to gain access to corporate networks and sensitive data.
Mobile data usage
It’s no surprise that mobile data consumption continues to grow, as the latest applications and updates eat up ever greater amounts of data. New features like Instagram stories and the implementation background sync in Office 365 all contribute to a rapidly growing monthly data usage rate per employee. Average monthly data usage at the typical insurance firm for June 2018 stands at 1.25 GB per device. This has risen from just under 1GB in January 2018, representing an annual growth rate of 93%. Should this rate continue, the average data usage per device is likely to reach more than 2GB by mid-2019
As devices and applications become more sophisticated, so too do the techniques that hackers use to attack them. Keeping up with the latest developments in mobile security can be a challenge for many mobility and security leaders, especially against the backdrop of a vast and rapidly evolving threat landscape.
- Phishing has become the number one mobile threat
- iOS continues to offer little room for attackers to exploit regarding installing malware, and Android has dramatically improved its safeguards against network threats
- Phishing provides an avenue for criminals to target victims with clever campaigns that extract data without the need to compromise the OS or install any applications on the device.
Many of these attacks are even able to bypass two factor authentication and efforts such as containerisation do little to prevent the loss of sensitive data.
of devices will download malware each year
of devices will suffer a phishing attack each year
Mobile security risks
Taking measures to limit the opportunities for criminals to target your corporate or BYOD devices is certain to reduce- but not necessarily eliminate- the likelihood of attack. These measures include implementing an acceptable usage policy. Many cyber-attacks originate through adult sites and apps; a category many insurance firms block on corporate-owned networks but do nothing for employees accessing such material through 4G connections or public Wi-Fi spots.
Another risk is apps downloaded from third-party app stores or other unapproved download sources. These apps are not necessarily illegitimate by default but will not have undergone the robust approval process demanded by the likes of Apple or Google.
The average employee accesses risky content 18 times a year on their mobile device
The average employee accesses inappropriate content 140 times a year on their mobile device
The average employee downloads one app per year from unofficial app stores
The average employee accesses websites or apps that are leaking data 3 times a month on their mobile device
The average employee connects to a vulnerable network twice a month on their mobile device
Wandera provides mobile security and data management solutions to some of the world’s leading insurance companies. Unlike endpoint mobile threat defence vendors or enterprise mobility management platforms, Wandera offers full visibility and control over your mobile data allowing you to prevent phishing attempts, network attacks and malware downloads before they reach the device.
Understanding where your company’s weak points are is the first step to making sure you are equipped to deal with the latest threats. For further information about how you can implement Wandera’s Mobile Security and Data Management Software and take control over your mobile threat defence strategy, get in touch with us today.