New cyber regs make SignOn Once imperative in insurance
As the industry doubles down on cybersecurity, there are changes afoot in the way agents and carriers do business.
Have you noticed lately how complicated it’s gotten to sign in to your accounts? It’s not enough to have a strong password. You may also need to enter a one-time PIN that is emailed to you or texted to your phone.
You can thank the rise in cyber crime and a host of new cybersecurity rules — from the New York Department of Financial Services Division, European Union, NAIC and federal government — for these new login requirements. As the financial services industry doubles down on these new rules, there are sure to be changes in the way agents and carriers do business. From personal data protection to multi-factor authentication, the industry is spending more time and money on digital and online security.
Cyber crime now costs an estimated $600 billion globally. In fact, the Ponemon Institute reported last year that cyber crime costs went up 23% in just one year and that the average cost to U.S. companies in the financial services sector is more than $17 million. Data breaches rose 27%, and ransomware attacks doubled.
With cyber crime an ever-growing threat, we all must do our part to safeguard our systems against attacks and make sure that our customers’ personal data is protected.
Related: 15 states most at risk from cybercrime in 2018
Password pain
The current information security landscape also means login credentials are likely to become an even bigger headache. And, as we all know, logins are the bane of an agency manager’s life.
A mid-sized insurance agency today must keep up with hundreds of employee logins to carrier portals, management systems and third-party services. That number may even rise — at least in the short-run — with the wide-scale adoption of APIs and as more smart devices are connected to an agency’s digital ecosystem.
Related: Just say no to passwords
Just maintaining secure logins to company websites can be a chore since most independent agencies work with dozens of carriers. A study done a few years ago by Centrify found that businesses lose over $420 in productivity per employee per year due to password issues. Often, it’s because users have forgotten their password or need to create a new one.
Up to 75% of the calls to carrier help desks are to reset passwords (at a cost of up to $150 per incident). Then there are real-time transaction glitches, which often occur due to password failure because the agency management system and the carrier’s website have different passwords. When you multiply all the transactions that occur in a year, just a small percentage of failures can be significant.
That’s where ID Federation comes in. ID Federation is the nonprofit organization formed a few years ago to develop a single sign-on technology for the property-casualty industry. That technology — called SignOn Once — is up and running and already starting to show positive results.
Related: A single, sign-in solution
What are the advantages of SignOn Once?
- Greater security. ID Federation has developed a trust framework (downloadable at org) to protect the security of its federated partners. By using individual credentials and tokens, and certifying identity providers (vendors such as Vertafore and Applied Systems), SignOn Once ensures logins are safe and eliminates many of the issues associated with poor password protection.
- Ease of doing business. SignOn Once allows carriers and agencies to do what they do best: sell insurance and serve clients. With a seamless, secure connection to insurance vendors and carriers, users can spend more time collaborating and less time worrying about passwords.
- A leg up on competition. As more and more agencies begin to use SignOn Once, the competitive edge will go to those companies that are federated partners and accept SignOn Once credentials.
SignOn Once won’t eliminate the additional layer of authentication required by the new cybersecurity rules, but it will reduce the number of times you and your staff have to log into systems each day. With SignOn Once, there’s just one login. As long as you remain logged in to your management system, you are able to seamlessly and securely access other federated partners.
A world with fewer passwords is well within reach. Learn more about becoming an ID Federation member and our trust framework at IDFederation.org.
Irv Kantar (Irv.Kantar@idfederation.org) is business manager of ID Federation. He has more than 30 years of experience with insurance industry automation.
The opinions are the author’s own.
See also:
What to expect: the cyber liability insurance application process