Saturday, April 21, 2007

Insurance Industry Apathy

So I attended and exhibited at I-Day this week. Buffalo, NY! Woo-hoo! Over 1,500 members of the insurance industry from upstate NY, northern Ohio and western Pennsylvania. And do you know what I came away with? The biggest lesson I learned was that the average insurance agent isn't the slightest bit concerned with the privacy and security of their clients' information. These were agents and brokers of MAJOR insurance companies - and they were neither aware of requirements like GLBA and breach notification laws, nor were they interested in learning about them.

As a consumer of both business and individual insurance policies of all sorts, I was mortified that there was such apathy concerning whether my personal information was safe.

I suppose it shouldn't be that surprising. Agents are sales people and they have one thing in mind. But they make most of their money from recurring revenue - policies that continue to renew without the agent lifting a finger. If that's the case, you would think (or at least, I would think) that the privacy of their clients' information would be important to them. Well, at least on that day, it wasn't as important to them as the bloody mary station down the hall.

During the event, I have to admit, I was more than a little annoyed by these people who seemed to care so little about their clients. But a day removed from it now, my frustration has moved from the individual agents to the companies and brokerages that they work for. It is the employer who has the responsibility to build this awareness and concern into their employees. Yes, I want my sales people spending their time selling. But there is no excuse for a large insurance company who doesn't regularly address security and compliance issues with their employees, brokers and agents.

So I petition all of you, whether you're Allstate, Farmers, Liberty Mutual, AIG, Progressive, State Farm, Nationwide, The Hartford or Geico - PLEASE take awareness more seriously. Your agents have NO IDEA what their responsibilities are. Shoot, they don't even know what threats are out there and what regulatory requirements apply to them. PLEASE help them to protect our data. PLEASE help them to CARE about protecting our data. And PLEASE do it soon. Because right now, they are prime targets for security breaches. After what I saw this week, if I was a social engineering criminal, your agents would be my first stop.


No comments: