Broker Security Forum 24: Cybersecurity in the focus of the insurance industry

The Broker Security Forum 24 took place at the end of August 2024 in Münchenstein (BL) and was organised by Guido Markowitsch, CEO of WMC IT Solutions AG. For the first time, the specific needs of insurance brokers were addressed, underlining the relevance and urgency of the topic of cybersecurity in the industry. Thomas Bürki, Head of Customer Care at WMC, moderated the event and led the discussions on current challenges and possible solutions.

Just eight days after Helvetia’s Cyber Symposium in Bern, another event aimed at insurance brokers followed with the Broker Security Forum 24.

Outrageous legal requirements

Urs Lehman, President of the Swiss Insurance Brokers Association (SIBA), emphasised the fundamental importance of cyber security for the industry. In view of the sensitive customer data that brokers work with, it is crucial to gain the trust of clients and to take legal requirements seriously. Lehman criticised the current regulations as ‘outrageous’ and called for the regulatory framework to be adapted to reflect the dynamic threat situation.

Insurance brokers are increasingly exposed to cyber attacks, which can result not only in financial damage but also massive reputational damage. A successful cyber attack can not only cause significant financial loss, but also irreversibly damage a company’s reputation. Proactive risk assessments and rapid responses are therefore essential.

Where does the customer’s shoe pinch?

Elija Boss from Selution AG made it clear that it takes an average of 207 days for cyber attacks to be detected. Significant damage can occur during this time. Selution offers services that help companies secure their business operations, including disaster recovery. The company focuses on three core areas: Cyber Awareness, Ethical Hacking and the establishment of a Cyber Security Intelligence Centre. The current threat situation requires companies to rethink their security strategy, as cybercrime is now the third highest cost in Switzerland. According to Boss, employee training must be promoted particularly intensively in order to minimise human error – the most common point of attack.

BACS: Federal competence centre for cybersecurity and first point of contact for businesses, authorities and the public for cyber issues

Marc Henauer from the Federal Office for Cyber Security (BACS) emphasised that KYC (Know Your Customer) is now also being extended to KYS (Know Your Supplier). The BACS acts as a central point of contact for cyber issues and plays a key role in protecting critical infrastructures. In view of the digital transformation, it is important to look at security beyond the boundaries of one’s own company. Responsibility for cybersecurity must also be extended to suppliers and business partners in order to identify and minimise vulnerabilities throughout the supply chain.

Who are the attackers and what are the trends?

The Baloise Group, represented by Marc Etienne Cortesi, Chief Information Security Officer (CISO), is observing an increase in targeted attacks on the financial sector. Cyber threat intelligence makes it possible to better understand the background and motives of cyber criminals. Cybercrime is now considered the third largest economy with an estimated annual turnover of 9.5 trillion US dollars, and this business area is growing by 15 per cent annually. In this context, it is clear that only seven per cent of companies in Switzerland are insured against cyberattacks – an alarming figure that underlines the need to raise awareness of the risks and the importance of appropriate security measures.

What role does artificial intelligence (AI) play?

Christian Sturm from Zurich Insurance Switzerland warned of the dangers of CEO fraud, in which companies are manipulated with false identities in order to transfer money. The damage caused by such attacks in Europe amounted to around USD 1.5 billion in 2023. In order to minimise the risks, a comprehensive security strategy is essential, which also includes regular training for employees on efficient responses to security incidents. Securing third-party companies is also of central importance, with comprehensive checks being carried out before contracts are concluded. A proactive review of IT security is crucial in order to identify potential risks at an early stage.

Security from the brokers‘ perspective

Oliver Hedinger from VZ VermögensZentrum added that the greatest risk comes from human error. To counteract this, regular training and sensitisation of employees is essential to make them aware of potential threats. Internal systems for simulating attacks help to promote security awareness and actively involve employees in the process. Hedinger made it clear that training programmes and an internal competition ranking, which encourages employees to improve their security knowledge, have proven to be effective methods.

The forum thus emphasised the need to understand cyber security as a key challenge for the insurance industry, and to take appropriate measures. The players in the industry are required to continuously review and adapt their security strategies in order to counter the constantly evolving threats. Only through close cooperation and the exchange of best practices in the area of cybersecurity can the industry as a whole be strengthened and the security of all players involved be safeguarded.

BK

Read also: Helvetia: 2nd Cyber Symposium shows the importance of cooperation between business, government and science