This article was produced in partnership with Intact Insurance
David Saric, of Insurance Business, sat down with Rick Morris, vice president, broker solutions, Intact Insurance, and Barry Haggis, president, Young & Haggis Insurance Services, to speak about the existential and pervasive threat cyber vulnerability poses to the industry.
It may be large corporations like Suncor Energy Inc. that hit the headlines when they face up to a costly cyberattack, but small and medium-sized businesses rich in personal data, such as insurance brokerages, are also prime targets for cyber criminals.
“Cyberattacks should be viewed as an existential threat that can affect any insurance brokerage, at any time,” said Rick Morris (pictured left), vice president, broker solutions, Intact Insurance.
In addition to the potential financial losses related to cyber heists, a business’s reputation is also on the line. As Insurance Business recently reported, after oil and gas giant Suncor’s breach, an expert warned that customers may “think twice” before slipping their credit cards into a gas machine and filling up at its stations.
Smaller companies, including brokerages that handle confidential customer information, need to take their potential cyber exposure just as seriously as big corporations.
“There is a view that cyberattackers want to go after the bigger companies because they have deeper pockets for ransomware payments, and that small or medium size businesses won’t attract as much attention from these bad actors,” said Morris.
The reality is that bad actors may target these businesses precisely because they think that smaller companies haven’t invested adequately in cyber protection.
Like climate change, cyber is a threat that impacts the entire insurance industry – brokers and carriers alike. As Morris sees it, the insurance industry still needs to do a lot of work to patch up its vulnerabilities.
Key among these is an over-reliance on third-party cyber security providers.
“Neither brokers nor insurers are cybersecurity experts and it’s imperative that we work with experts,” said Morris. “But businesses often think that if their cyber security is managed by someone else, they have offloaded any responsibility to that third party. That is not the case.”
Instead, creating a robust internal system that implements and maintains vigilant behaviour is essential.
Whether it is refraining from using business devices for personal emails or implementing a policy that forbids the use of personal cell phones for work-related communications, leaders need to make sure that these easy safety measures are implemented, understood and taken seriously.
They also need to set the right example for their employees, with their own actions.
“This messaging and actions need to be consistent and to come from the top down,” Morris stressed.
Ongoing training, such as fake phishing campaigns to see if employees click on potentially risky links in an email designed to test their cyber savvy, is also effective at creating better habits.
These simple steps are integral to “avoiding a full-blown catastrophe,” as Morris put it.
And while brokerage leaders need to own these initiatives, they do not have to invent them. Many brokerages use a cyber security awareness program offered by Intact-affiliated company Partner Solutions Inc. (PSI) for email phishing and other awareness and training initiatives. PSI is a managed IT service provider for Canadian brokerages that offers technical support, cloud integration, security monitoring and 24/7 support.
To address the growing need to safeguard brokerages from cyber threats, Intact has launched a cyber awareness initiative for brokerages, intended to get brokers to look carefully at their cyber risk exposures.
The initiative begins with a short survey that evaluates the respondents’ awareness of cyber risk and preparedness.
Intact worked with an independent specialized cybersecurity firm to develop the survey, with the firm subsequently helping brokers navigate through some best practices that could help improve their cyber posture.
A common theme evident among participants’ responses is that many brokerages do not have a planned response to cyber threats.
“Many brokerages have an inadequate cyber coverage and a non-existent continuity plan if their business is disrupted due to hacking,” Morris noted.
Brokers also reported uncertainty over what to do in the event of an attack. Many were uncertain who they needed to call first, when and how customers should be notified or how to get a hold of their impacted carriers.
Part of Intact’s commitment to improving brokers’ cyber posture is the rollout of a new cyber breach reporting protocol. The protocol makes it clear what brokers need to do, and how, when a breach occurs.
“Breaches will happen. This is guaranteed. Our cyber breach protocol makes it easy for brokers to respond quickly and effectively, so that we can all work together to protect each other and customers,” Morris explained.
One brokerage that participated in Intact’s cyber initiative is Young & Haggis Insurance Services, a family-operated business that provides home, auto and business insurance to Albertans.
“Coming from a smaller brokerage, I definitely had the mindset that we were pretty safe,” said Barry Haggis (pictured right), president, Young & Haggis.
As cyber-attacks increased in severity and frequency, Haggis recognized that a system had to be put in place to safeguard the company’s confidential data.
“We had no idea where to start, or which companies were better to work with,” he said.
After completing the cyber survey, Young & Haggis collaborated with Intact and its cybersecurity partner to assess the brokerage’s vulnerabilities and to then create systems and procedures that turned it into a more secure company that upholds strict business standards.
“It was a very, very brokerage-based conversation, which is very comforting,” said Haggis. “It’s reassuring to have someone like Intact really take our security seriously. And it was clear that Intact really understood the benefits of the process and the need for brokers to start making this a priority.”
For Haggis, going through an assessment that identifies areas that need improvement while also recognizing those where the brokerage has been successful helps create a healthy attitude towards cybersecurity.
“It is great that Intact is leading the charge on raising awareness on cybersecurity for brokerages and that they really want to have brokerages excel at improving our cyber posture.”
Intact Insurance is Canada’s largest home, auto and business insurance company, the choice of more than four million consumers. Its coast-to-coast presence and its strong relationship with insurance brokers mean the company can provide the outstanding service, comfort and continuity customers deserve. Intact Insurance is a member company of Intact Financial Corporation (TSX: IFC), the largest provider of property and casualty insurance in Canada and a leading provider of specialty insurance in North America.
