Modernization of finance industry through the use of information technology (IT) is one of the important and most convenient developments in the insurance industry. However, with the risks attached to IT, the finance industry is currently facing the challenges of security breaches which affected the growth of some companies and the industry per se. This paper will discuss the IT issues confronting the industry, how it is likely to be resolved, and the future of the finance sector.
Media organizations have reported various data breaches cases that affected the finance industry in the past few years. Martha C. White of the Time magazine reported in 2012 that Visa and Mastercard incurred data breach affecting 10 million people (White, 2012). Visa Inc. concluded that the security breach is a third party incident (White, 2012).
JP Morgan Chase’s data breach is considered to be the biggest data breach issue in 2014 affecting 83 million customers (Reuters, 2013). Hackers accessed the information of the bank’s clients. The data breach caused the increase of JP Morgan Chase’s security investment to USD 25 million a year. The New York Times article stated that hackers were able to enter JP Morgan Chase’s database due to the neglected server and failure to use two factor-authentications (Goldstein et.al. 2014).
A PBS News Hour articles dated 5 February 2015 revealed that a large insurance provider, Anthem, suffered data breach after unidentified individuals stole and accessed 80 million customer information including names, medical identification, birthdate, social security number, employment information, snail mails and emails (PBS News Hour, 2015). The said data breach caused the company more than USD 100 million lost (Osborne, 2015).
The impact of Anthem is severe that it can put down the financial health of the company. The consumers of California also sued Anthem. The financial loss of the company may also contribute to further slow growth of the insurance industry. The website of PricewaterhouseCoopers LLP (Pwc), a provider of global annual reviews of the sector, revealed that the insurance industry continue to grow but at a rate lagging behind many sectors. It attributed the slow growth to many issues including old standard of financial reporting, cost of data redesigning and system process for transformation, regulatory uncertainty, automated driver assistance programs in the automotive industry that lower the cost of premiums in the car insurance, among others (Pwc, 2015).
Pwc’s document also noted that the insurance industry is investing on the information technology to automate its processes such as the collection, billing transforming policy, and claims processes. The insurance companies rationalize such transformation with the expected 10-30 percent reduction in the maintenance cost (Pwc, 2015).
According to the news articles of the Information week, security breaches in insurance industry have been existing since 2012. The article identified that the breaches are made through hacking, identity fraud, and identity theft (O’Donnell, 2012).
Data breach was initially an issue to the finance companies. However, as time passes by, such issue started to be a problem to various industries. A Forbes news article listed the top data breaches in 2014 and among the major security breaches occurred to retail company Neiman Marcus, hotel franchise White Lodging, and Sally Beauty Store. Also included in the list are gambling firm 11 Casinos, New York non-profit organization, restaurant PF Changes, Albertsons and Supervalu supermarket, Community Health Systems, and UPS (Hardekopf, 2014).
Impact
The banking, insurance, asset management, and venture capital make up the finance sector. According to the most recent statistic of the US government, the finance industry had a total value of USD 36.35 trillion in 2012. The banking sector accounted for USD 14.45 trillion of the total value while the asset management represented USD 18.9 trillion. The venture capital had USD 3 trillion values while the insurance had USD 1.27 billion value (Select USA, 2015). Among the key players in the financial industry include Visa, Mastercard, Citigroup, JP Morgan Chase, Meryl Lynch, Bank of America, and AIG.
The finance industry as a whole suffered severely due to data breach. According to the report of Frat Howarth on 30 April 2014, the industry lost 500 million records, and various finance companies reported financial and reputational loss (Howarth 2015). The report said that the stock prices of Well Fargo, Bank of America and Citigroup fell down by .4 to .9 percent while JP Morgan Chase’s fell by 1 percent due to security breach (Howarth 2015). Bizjournals article noted that the data breach in Anthem caused the company more than USD 100 million financial losses (deBruyn, 2015). Mastercard suffered litigation and the retailer partner, Target, demanded for reimbursement of financial losses.
Data breaches are becoming more sophisticated over time. Hence, the financial sector needs to continuously update their security system to prevent fraud. The most common cause of the data breach includes the negligence of adaption to a more advance security methods and third party risks.
Prevention
Cyber security website, Kroll, provided ways to prevent security breach among the companies. It noted that firms need to look at security beyond IT security. Managers should ensure physical safeguards to operational area, apply strategic human resource employee exist strategies, protocols on remote projects, and data storage practices on and offshore. Other tips the website shared include provision of protection plan on data losses, proper handling and protection of confidential data, security training among employees, and periodic risk assessment (Kroll, 2015).
Kroll also advised to use transit and exit data encryption, employ an expert to analyze third-party corporate breach and data security to assess the company’s level of risks, update and patch software, and ensure that vendors and partners have the same level of security as you by sharing your applicable protocols (Kroll, 2015).
The website of Bankrate also noted that data breach can be prevented through limiting the number of third parties that a company is sharing information, ignoring unsolicited and malicious emails and attacks, and changing passwords and pins for personal account often. Bankrate also advised to monitor suspicious charges on financial account, tokenization of mobile payment platforms, upgrading cards to a more advance and secure version, and preventing company info sharing in the social networking sites (Skowronski, 2015).
Outlook
The growing concerns on data breach and the huge monetary and reputational causes of it will likely increase the number of financial companies that will apply the most updated way of information technology security maintenance. The finance industry sector continuously increases the dependence on information technology as they increasingly automate their business processes. As a result, the demand for more advance information technology security system may significantly increase.
Further, the financial services company may develop their own internal team in the information technology department and devote time and resources for coming up a more advance system that may fight the emerging new and increasingly sophisticated hackers of the industry. Corporate policy such as the strict implementation of the privacy regulations of the company may also help prevent fraud and security breaches in the future.
The advance development of security systems may also reduce the rate of losses incurred by the industry in the coming years. Concerned companies should also be aware of the type of hackers and their groups that are attacking on similar patterns, report and cooperate with the authorities to have the said groups liable to the law to prevent further damage in various industries.
It has been said that data breach comes in many forms whether data or information of the customers are automated or not. The strict implementation of law in capturing and punishing the violators will help curbs data breach issues in the finance industry and all other sectors that are also prone to such issue.
As the groups of hackers are becoming more sophisticated in their ways, losses as a result of data breach may not be reduced significantly in the forecast period as the hackers may develop new ways to acquire information of consumers. It is important that the both the consumers and the government sector be vigilant in investigating the company that is a victim of data breach for the authenticity of his her claims.
Summary and Conclusion
The paper discussed the key challenge of the financial sector, data breach. In the discussion, we learned that the financial services sector incurred huge monetary and reputational damage affecting 500 million accounts. Data breach caused several hundreds of millions of financial losses to the financial industry composing banks, insurance, asset management, and venture capital.
The finance industry generated a total of USD36.35 trillion revenues in 2012. The key players include Visa, Mastercard, Citigroup, JP Morgan Chase, Meryl Lynch, Bank of America, and AIG. The major data breaches occurred in the finance industry from 2012-2014 are those experienced by Visa, Mastercard, JP Morgan Chase, and Anthem insurance.
The negative impacts of data breach in the finance industry, aside from the hundreds of millions of affected accounts and financial loss, are stock price fall of Well Fargo, Bank of America and Citigroup due to the negative perception, and declined trust to the financial sector.
Various information technology firms and concerned organizations provided advises on how to prevent data breach. Among these are physical safeguards to operational area, apply strategic human resource employee exist strategies, protocols on remote projects, and data storage practices on and offshore.
A firm can also prevent security through limiting the number of third parties that a company is sharing information, ignoring unsolicited and malicious emails and attacks, and changing passwords and pins for personal account often
Finance companies have been prone to many attacks because the banks and insurance are the most useful means to incur funds. Hence, the finance sector is the most important target of the hackers as financial cards and insurances are useful way to sustain themselves and to further their operations. It is important for a manager of the company to always remind its employees about potential frauds and other security issues that may arise in the company. It is also important for a company to be updated on the methodologies of the hackers and fraudsters to educate its employees on how to address such methods and strategies. A company should conduct cross-department awareness on security breach to alert everyone if an attack occurs.
Further, a company should also be firm in applying legal actions on security violations that occur inside and outside the economy. That is the only way we can help curb security issues through strict implementation of policies and laws.
Managing the information technology requirements of a company needs ample resources and time. As such the companies should have sufficient investment on its security processes. It should be one of the integral corporate policies particularly among the finance entities as the people’s money is at stake.
Massive and excessive data breach can cause economic downturn to a nation as it can remove so many resources to the movers of the markets, the industries. Hence, the government needs to create and update its policies concerning hackers and fraudsters. It must also create and investigating committed for a potential inside job incidents or corporate corruption that mask behind data breaches and financial loss.
Cooperation among the government private sectors and information technology firm can help address security issues. There are many vendors that specialize in IT security that can work with the government and trade associations for the development of high technology and hard-to-break security methods and chips no matter how a person is exposed on the codes. Such will require adept research and development but may significantly benefit several industries across the globe in the future. If the multi-sectorial cooperation will invest and be focused on such development, it will be hard crime organizations to be successful in hacking and practicing fraud.
Data breach has already been existing even in the old times. As technology develops, hackers are becoming more sophisticated in finding ways on how to access and use information on their advantage. For any innovation and technological development, a developer should always keep in mind the importance of applying high technology security product or process to protect users and firms from great financial and reputational loss. Such will slow, if not stop, the increase of data breach incidents and the damages incurred from the issue. The companies and consumers will have more peace of mind in transacting products and services anytime and anywhere.
Litigations involving security breach may also decrease significantly if highly secured innovations are propagated. For sensitive products such as the financial instruments, there must be an information technology body that will help regulate and assess the security measures and risks of any financial product and the technology concerning them. There must also be a system in which victims of the financial fraud due to data breach recover funds that were lost, a system that the government and private sector spend time on studying and researching to minimize, if not eradicate, financial losses due to data breach.
Such efforts may not take overnight, but are very possible to happen. Private institutions and the governments have higher resources than the organized crimes. Its only through diligent means and focus that we can totally address the security issue on finance industry.
References
September 19,2013JP Morgan data breach entry point identified: NYT. Reuters. Retrieved from http://www.reuters.com/article/2014/12/23/us-jpmorgan-cybersecurity-idUSKBN0K105R20141223
February 5, 2015. Data breach at insurance company could impact millions. PBS News hour. Retrieved from http://www.pbs.org/newshour/rundown/data-breach-insurance-company-impact-millions/
Osborne, Chartie. February 12, 2015 Anthem data breach cost likely to smash $100 million barrier. ZDNET. Retrieved from http://www.zdnet.com/article/anthem-data-breach-cost-likely-to-smash-100-million-barrier/
Goldstein, Matthew et.al. December 22, 2014. Neglected Server Provided Entry for JP Morgan Hackers. Dealbook. Retrieved from http://dealbook.nytimes.com/2014/12/22/entry-point-of-jpmorgan-data-breach-is-identified/?_r=0
2015. The Financial Services Industry in the United States. Select USA. Retrieved from http://selectusa.commerce.gov/industry-snapshots/financial-services-industry-united-states
deBruyn. February 24, 2014. Report outlines impact of Anthem data breach in N.C. BizJournals. Retrieved from http://www.bizjournals.com/triangle/news/2015/02/24/report-outlines-impact-of-anthem-data-breach-nc.html
2015. The Insurance Industry in 2015. PWC. Retrieved from http://www.pwc.com/en_US/us/insurance/publications/assets/pwc-top-issues-the-insurance-industry-2015.pdf
O’Donnell, Anthony. May 12, 2012. Nationwide Security Breach Raises Priority of IT Security. Information Week. Retrieved from http://www.insurancetech.com/security/nationwide-security-breach-raises-priority-of-it-security/a/d-id/1314229?
2015. Data Breach Prevention Tips. Kroll. Retrieved from http://www.kroll.com/cyber-security/data-breach-prevention/cyber-risk-assessments/data-breach-prevention-tips
Skowronski, Jeanine. 2015. 13 Tips To Avoid A Data Breach. Bankrate. Retrieved from http://www.bankrate.com/finance/credit-cards/tips-to-avoid-data-breach.aspx