The competitive frontier for property and casualty insurers is in mobile apps. Agents, field service teams, and the insured customers themselves are using native apps on iOS, Android and Chromebook devices to interact with their accounts and capture claims data, pictures and reports from the field. While the insurance industry’s increased usage of smart mobile devices greatly improves customer responsiveness and quality of coverage, these assets also greatly expand the cyber attack surface for hackers and malware.
Insurance companies already focus on network and laptop security to protect sensitive data from the headquarters to the agent’s office. With mobile technology coming to the forefront, insurers who do not proactively address the risks posed by advanced and persistent mobile threats remain liable for data breaches from cyberattacks on insured customers no matter what the entry point. What is your firm’s position on mobile threat defense?
Sensitive data resides on mobile devices used for property and casualty insurance work. Captured claims photos and geolocations, customer identity information, financial data, employee data and internal agency communications on devices are of potential value to hackers and cybercriminals. Device, network and application (or “DNA”) cyberattacks have become so prevalent across all industries that insurers are now indemnifying enterprises with standalone cyber-insurance policies, for an estimated $3.25B in gross written premiums for 2016. Here are the top reasons why mobile security is challenging for insurance companies:
Privacy vs. Security
When customers and agents increasingly bring their own devices (BYOD) for both personal and work purposes, the insurance firm cannot legally maintain the same level of surveillance they once imposed on corporate-issued equipment. Even when mobile devices are issued by the company, security policies become difficult to enforce in the field, because if an employee can see sensitive personal information, hackers can as well.
Agents and customers using mobile insurance apps and mobile web portals can log onto untrusted Wi-Fi networks for internet access. This opens the door for Man-in-the-Middle (MITM) attacks that intercept messages and emails, and sensitive account information passing between the user’s device and the insurer’s mobile app or site. Network attacks can be easily executed and may even install code or malware on the device to allow root-level control.
Application and Device-level threats
Many P&C insurance apps are designed to interact directly with the device’s hardware and OS to enable native capabilities like camera and geolocation for claims assistance. Relying on the base level security of the phone’s OS creates a high-value attack surface for hackers to apply malware or install code on the device, since users can run the app on an outdated Android or iOS operating system with known vulnerabilities.
Zimperium offers insurance companies, agents and insured customers the most complete, comprehensive and real-time Mobile Threat Defense solution for automatically detecting, reporting and remediating today’s — and tomorrow’s — advanced mobile threats.
Detection and prevention
Our zIPS™ app provides continuous self-service mobile threat detection and defense for Android, iOS and Windows mobile devices against network-based (or MITM) attacks, rogue application installs and OS vulnerabilities.
Secure, on-device engine
Our z9 engine automatically detects and remediates issues on-device rather than requiring an Internet connection, admin privileges or tunneling to a cloud service. This approach keeps private client data secure on the device without impacting performance.
In-App Threat Protection
Embed cyber security into your insurance apps with Zimperium’s zDefend (In-App Protection) solution. This innovative SDK is completely configurable by developers to detect and remediate threats to a device while that application is active, including detection of suspicious user behaviors, network attacks and interference from other apps. Self-protecting apps equipped with zDefend can take immediate action according to the policies set by the app developer.
• Nearly one out of five business and industry apps leaks personally identifiable information (PII).
• Every year, 42 million mobile malware attacks take place.
• 63% of grayware apps leak the device’s phone number.
Furthermore, enterprises believe mobile malware attacks occur more often than is reported. In a recent Gartner survey, 60% of respondents stated they believe mobile malware incidences are underreported. To the same question for desktop malware incidences, respondents stated they believe only 16% are underreported.”
Market Guide for Mobile Threat Defense. Analyst(s): Dionisio Zumerle | John Girard, 30 October 2018