Insurance companies today are finding themselves at a crossroads as they embark on a journey of digitization to reinvent, transform, and differentiate themselves.

Collaborating with the right Insurtech and sales tech partners is essential to equip them with the cutting-edge tools needed for success. This technological wave promises to streamline operations, elevate customer experiences, and enhance overall efficiency—a compelling proposition for insurers striving to remain competitive.

Yet, as they embrace these new tools and technologies, insurers face a daunting challenge: safeguarding a wealth of customer data they possess. The question arises—how can insurers ensure the protection of this invaluable asset in an era marked by rapid digitization?

In this issue, we dig deep into the intricate relationship between Insurtech tools, sales tech solutions, and the critical role of data protection. We turn to industry experts and insiders who share their insights and experiences in navigating this complex intersection of innovation and data security.

On AI and Data Jurisdiction

The laws around how you can use AI are not firmly established, but there is a lot of work going in that direction in the US, Europe, and Singapore. The Financial Conduct Authority (FCA) is very active in the UK and has created working groups to examine AI and data security implications. Additionally, there is a significant intersection and conflicting principles between regulations that govern data security measures (for example: General Data Protection Regulation (GDPR) requirements) and the concept of using data to train models in relation to AI in an open-source environment.

I advise my team to be sensible about when they input data into AI apps like ChatGPT. No customer data or company-specific information should be visible in AI. We only talk about guardrails at a principal level and emphasize using personal judgment.  We need to explicitly control the information we need for our current and future endeavors.

The crucial question is whether customers know what is happening to their data. Discussions around approaching customers for consent to use their data in AI experiments are emerging and undergoing evaluation.

On the Challenges That Insurance Companies Face Concerning Data Security

Insurers are inherently vulnerable to cyberattacks and data breaches. A significant challenge they face is the dilemma of data access. To upsell and cross-sell products, run marketing campaigns, and ultimately improve sales productivity, insurers must grant access to customer data to their sales representatives and other relevant personnel. Simultaneously, they must safeguard this data to prevent leaks and unauthorized access. The potential for data misuse by sellers adds another layer of complexity to this issue.

On the Role of Agents in Data Protection

Human Connect is the most important key to Data Protection. As technology evolves, cyberattacks have become more sophisticated, with instances of hackers using AI to mimic voices and deceive customers into disclosing their personal information. We have to be mindful of our environment and always be vigilant.

The responsibility for data protection begins with the individual. Agents and representatives handle a range of sensitive customer information, from birth details, Aadhar details, PAN numbers, and identification cards to health information and financial objectives. To mitigate risks, insurers must conduct thorough background checks before onboarding agents. Additionally, the devices used for data entry must be sanitized, and data should not be transferred from laptops. DLP (Data Leak Prevention) solutions should be centralized and strictly controlled, with USB ports disabled and email security in place.

Implementing robust controls at every layer of our digital environment is essential. Furthermore, ongoing training and awareness programs for managers and agents are imperative to ensure the highest level of data protection.

On Trends in Data Security

In the insurance industry, organizations are leveraging AI/ML to analyze human behavior and predict agent actions. These predictions enable managers to suggest corrective measures to prevent data leaks.

For instance, once data is entered into the Vymo platform, it is transferred to our cloud environment, where it becomes our responsibility to safeguard it. Our controls span from the device where data is entered and transported (data in motion) to where it is stored (database). Our database is encrypted, ensuring no unauthorized individuals can access the data. Consequently, the DLP (Data Leak Prevention) tool ensures that data cannot be leaked from our systems.

Moreover, we are ISO 27001 certified and SOC 2 Type II and GDPR compliant. These compliance affirm our commitment to securing data across all levels of our environment—from physical and database security to network and application security. Our cloud environment employs a layered approach to fortify data protection further.