IVANS said the survey indicates that the majority of Internet usersespecially younger, more experienced usersare “concerned and skeptical” about their information being sent over the Internet. Survey respondents most concerned about security of their medical data on the Internet were between 35 and 44 years of age.

Survey respondents with household incomes between $15,000 and $25,000 were the most concerned about their personal property information being sent over the Internet.

One interesting trend, however, was that respondents grew less concerned about Internet transactions as their income levels rose.

The results came from a telephone survey of more than 2,000 adults conducted by Opinion Research Corp. International of Princeton, N.J. this past October. The survey asked about Internet information transfers that are “a transaction away from a consumers transaction,” as well as direct sending of information from consumers to companies and agents, said Clare DeNicola, senior vice president of network services for IVANS.

“There is a real opportunity for health and property-casualty insurers to educate consumers about the security measures they have taken to protect personal insurance data being sent over the Internet,” noted Ms. DeNicola. “The survey results show that many consumers are not yet aware of the advanced networking technologies available today that can protect their data on the Internet.”

But are insurers actually taking such security measures? “Some companies are doing nothing, some are doing very little, and some are doing the whole spectrum,” Ms. DeNicola said. “Most are doing encryption [of data] at a minimum, while others are taking the next step and securing their own virtual private networks.”

Encryption turns data into a coded stream of information that can only be read by an authorized party who has the key to the code. A virtual private network (VPN) is a computer network that is part of a public network, but appears to the customer to be a private national or international network. These systems use encryption and other security methods to ensure that only authorized users can access the network.

“In health insurance, for example, some [security measures] are mandated,” said Ms. DeNicola. “We have quite a few health insurers using secured network services, not even using the Internet.”

She added, however, that carriers need to let consumers know that the safeguards are there. “Some insurers do say that your data is protected, but many dont,” she pointed out.

The survey also revealed, however, that consumer trust is a key issue in e-commerce.

“In order for e-commerce to be truly effective for the [insurance] industry, consumer trust must be secured,” the survey noted. “The smallest violation of a consumers trust would be devastating and could destroy a companys credibility. Insurers need to make sure consumers understand what is being done to protect their data.”

According to Judy Johnson, vice president of insurance strategy for Sapiens Americas in Cary, N.C., consumers are “absolutely justified” in feeling skeptical about the security of online transactions.

“The issue is not about whether the Internet is secure. The issue is about whether we can trust the insurance company to do the right thing,” she stated.

When it comes to security measures for online transactions, said Ms. Johnson, insurers “arent doing a lot,” despite the fact that levels of concern have been raised after the attacks of Sept. 11, 2001, and that there has been increased media focus on terrorism and cyberterrorism.

“The lack of trust resides where it has always resided,” she noted. “[Consumers] dont trust the insurance industry to handle the information properly.”

She added that insurers have “very perfunctorily” sent out privacy information as mandated by the Gramm-Leach-Bliley Act, “but the business hasnt changed fundamentally. They havent reached out to explain how concerned they are about protecting information involved in transactions.”

While good security technology already exists, insurers have been slow to adopt it, according to Ms. Johnson.

“The insurance industry has never felt the need to explain itself to the rest of the world,” she said. “Theyre saying weve got you by the short hairs; heres our stuff.” She acknowledges that some companies have done marketing campaigns to raise trust levels, but said that the industry as a whole “hasnt shown by either activities or communications that it has changed its ways.”

Ms. Johnson asserted that the insurance industry “gained tremendous ground in terms of trust” after 9/11 by saying it would pay all related claims. “Then they marched backward, saying were never going to do this again; how do we get out of this? They gained trust, then they turned around and threw it away.”

“I dont know if its just an Internet issue,” said Chuck Johnston, formerly an insurance analyst with Stamford, Conn.-based Meta Group. “I think people in general are more concerned about privacy after all the publicity around [the Health Insurance Portability Act] initiatives and increasing awareness of identity theft, which can make a mess of your life.”

“Its not about the Internet being insecure,” he added. “Consumers are seeing a higher value in their personal information.”

What can insurers do to regain consumer trust in the area of online information transfers?

IVANS Ms. DeNicola said insurers should closely examine all their online communications and assess their own levels of security. “Then go and advertise what youre doing. Consumers need to be educated.” The education should be part of communications to insureds, posted on the carriers Web site, and extended to agents,” she added.

“Insurers need full disclosure of both security and privacy efforts, not only as part of [complying with] legal acts,” said Mr. Johnston. “They need to be very transparent and very public about what theyre doing.”

Some insurers, Mr. Johnston added, may be concerned that too much disclosure could create a “warranty,” which would potentially leave them open to a lawsuit if information were compromised despite a carriers security and privacy efforts. “This could make insurers reluctant to guarantee safety about data, but its important for them to publicize what theyre doing,” he said. “Its an education issue.”

Sapiens Ms. Johnson agreed that “part of the solution is marketing,” but “the more fundamental piece is that insurers have to look at what theyre doing, clean up their business processes, and understand how to make transactions as safe and secure as possible.”

Ms. Johnson pointed to insurers with a “people oriented” reputation, such as USAA. “Every time a customer calls, they are handled properly and immediately,” she observed, adding that if the IVANS survey had queried only USAA customers, “skepticism about online transfers wouldnt be nearly as high.

“You dont need a computer-animated gecko,” she concluded.

Reproduced from National Underwriter Property & Casualty/Risk & Benefits Management Edition, December 16, 2002. Copyright 2002 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.