Digital trust

Earning trust in the insurance industry through process, training and transparency

Trust is the cornerstone of any good relationship. In an age where business relationships are internationally held and made, trust must be built through reputation and reliability. This is especially true of digital trust.

A recent study by McKinsey found, 70% of consumers believe that the companies they use to do business with provide the foundational elements of digital trust1. Not only that, but Deloitte reports that over 50% of consumers said they “take a company’s cybersecurity record into account before they agree to use its services”2.

“As an insurance provider selling services in the online age, we know trust is vitally important, so our approach has always been to build trust into the DNA of the products and services,” says The Unisure Group’s Manager of Software and Data, David Gardiner3. “Security and trust are never just boxes to be ticked, but something we are always looking at and improving on.”

Why are insurance groups a natural target for cyber-attacks?

The amount of personal data and information that a company is responsible for is often underestimated, especially within the insurance industry, but not by criminals looking to sell that data.

“Insurance companies, by their very nature, keep and process a lot of personal information for their clients, including medical and financial information,” David explains. “It’s natural, therefore, that they would be targeted for that information.”

Providing international health and life insurance solutions to individuals and corporates around the world requires us to manage a lot of data. Taking on the responsibility of keeping our clients’ information safe and secure therefore remains a critically important task for us.

“One way that we keep our clients’ personal information secure at Unisure is by making a point of not storing any of our clients’ financial details on our systems. This is both to mitigate risk and reduce the potential rewards for attackers, allowing us to handle certain silos of information separately,” David says.

Without compromising our security strategies and divulging too many details, there are many more small steps we take to ensure that a consistent level of security and trust is upheld on a grand scale. This includes segmenting data, using firewalls around our company’s network with restricted access to information, and initiating regular training to strengthen our staff’s understanding of security risks and potential pitfalls. All of these individual tactics work together to secure our systems and create a safe environment for housing our clients’ personal data.

Has The Unisure Group ever suffered a data breach or theft?

Staying ahead of the game and being constantly vigilant has served us well, which is why we’re proud of the fact that corporate and individual clients in over 100 countries around the world trust us with their international health and life insurance policies.

“Data breaches can attract large fines from the regulatory bodies, depending on their severity, but more important than that is the loss of reputation,” David elaborates. “As a company, we’re happy to report that we’ve never had a data breach. We are selling trust, so if we were to suffer a major data breach, it would be damaging to a our clients’ belief and their families’ future financial wellbeing.”

“The worst kind of cyber-attack we’ve experienced has been a phished Microsoft account,” David explains. “As soon as it happened, the account was immediately locked down and an audit of what was accessed was conducted to determine what procedures needed to be followed.”

Transparency and open communication is key

When it comes to digital trust, transparency is key. This applies to transparency about if and when a data breach occurs, and also transparency around what data is being stored and what recourses clients have to request that their data be removed.

Although it hasn’t happened that sensitive data has been compromised, if it were to happen, The Unisure Group would be legally required to notify anyone we suspect may have had their details compromised. We would also immediately try to determine the source of the attack and provide further education or extra security measures to further harden the accounts against compromise, David explains.

Clients also have a right to know what data of theirs is being stored, and they have a right to request a copy of that data and/or to ask that their data be removed. The Deloitte Insights’s Building digital trust2 feature reports on the importance of companies putting the control of personal data back into their clients’ hands, saying that “often, the problem with data sharing is not so much the actual loss of privacy as the perception of loss of control, which leaves consumers feeling worried and powerless.”

By letting clients keep tabs on what data is being collected, how their data is being used, and how long their personal data is being stored, for example, clients immediately feel more in control of the process. One way in which we do this at Unisure is via publishing an easily accessible Data Protection Policy on our website, clearly outlining our Data Retention Policy and giving the contact details for our Data Protection Officer should anyone want to make a personal request.

Though there are constantly evolving threats and new ways of data siphoning, we make use of pre-emptive protection methods, world-class security infrastructure, knowledge transfer and upskilling of all our employees to provide our clients with the highest level of digital trust. Digital trust is something that we take very seriously, and our customers have confidence in our ability and promise to always keep their personal data safe and secure.

Sources:

  1. McKinsey – Why digital trust matters survey 2022 
  2. Deloitte Insights – Building digital trust 
  3. Interview with The Unisure Group’s Manager of Software and Data, David Gardiner, November 2022