Latin America. The insurance sector in Latin America is facing an expansion scenario characterized by challenges in terms of cybersecurity, caused by the absence of appropriate regulation and the management of large amounts of confidential and financial information that make it a target for cybercriminals.
Oswaldo Palacios, cybersecurity specialist for Latin America at Akamai, warned that insurers handle personally identifiable information (PII), which includes personal data, social security numbers, income details and property information, as well as company and asset data. According to Palacios, "the complexity of insurers' systems and processes can expose them to more exploitable vulnerabilities; breaches in network security, weak encryption protocols, authentication of users or non-secure devices, facilitate unauthorized access or theft of sensitive information to cybercriminals."
A study by the Ponemon Institute revealed that the insurance sector is the second most vulnerable to cyberattacks, with 85% of companies reporting incidents last year.
The impact of a cyberattack can damage an insurance company's reputation, lead to a loss of customer trust and loyalty, and lead to penalties and legal action by policyholders.
The cybersecurity market in the insurance sector will reach $10.6 billion by 2025, with a compound annual growth rate of 10.7% between 2020 and 2025, according to GlobalData.
Palacios explained that, "in Latin America, cybersecurity regulations for insurers advance unevenly between countries. The insurance sector in Latin America complies with basic regulations, which means that its digital security strategy incorporates the minimum necessary and insufficient to deal with increasingly sophisticated cyberattacks, thus generating a vulnerable environment and putting daily operations at risk."
Existing regulations require insurers to implement security mechanisms to protect personal data and have security, business continuity, and cyber incident protection policies in place. However, adapting to these regulations involves modernizing the technological infrastructure and guaranteeing the security of customer information.
In this context, micro-segmentation is presented as a relevant strategy for insurers, especially in the face of the growing use of cloud and hybrid cloud environments. According to Palacios, "Implementing micro-segmentation greatly reduces the attack surface in environments with a diverse set of deployment models and a high rate of change." He added that "even when DevOps-style application development and deployment processes are constantly changing, a micro-segmentation platform can provide continuous visibility and ensure that security policies are up to date while applications are added and updated."
Micro-segmentation also strengthens regulatory compliance and facilitates audits in the insurance industry, which continues to adapt to the demands of an evolving regulatory environment.
