Security starts at the boardroom table

Global Director, Counter Fraud Analytics and Insurance Solutions, BAE Systems Applied Intelligence
A focus on tackling fraud and security risks sometimes concentrates more on the mechanics of a solution than the need to build a strong culture that starts at the top of the organisation, says Dennis Toomey.
Creating effective fraud and cyber defences is complex. Insurers invest substantial financial resource into recruiting and training experts to understand, analyse and counter the myriad threats facing them.
As often happens with the holders of specific skills, these individuals have, in many cases, become the gatekeepers of their specialist areas and the knowledge that accompanies them.
This is understandable, but it hampers insurers’ ability to create the necessary culture where the protection of a business is the responsibility not just of the few, but of everyone.
Responsibility starts at the top of an organisation and trickles down. All too often, however, the understanding and skill-set to engage with the technical details of IT security and the roles within anti-fraud teams are lacking at board level. This means leaders cannot effectively challenge what they are being told by experts and leaves them exposed to the risk of knowing only what those experts choose to report.
Recruiting to find these skills at the highest level – in both permanent and non-exec level roles – is vital. It means leaders will be able to both question and challenge information on cyber issues and fraud effectively, as well as communicate their knowledge to fellow board members in a meaningful way.

Clear progress is being made

Clear progress is being made on this front. Nearly a quarter of executives (22 per cent) intend to expand the current level of board engagement to mitigate cyber risk, according to a report from Kroll. A further 40 per cent are planning new initiatives to focus board members on insider cyber crime in the next 12 months.
The picture is equally encouraging when it comes to fraud awareness. In its 2016 Global Forensics Data Analytics Survey, consultants EY found that 74 per cent of C-suite respondents agreed they had to do more to improve anti-fraud procedures, and 63 per cent said they would commit at least half of their data analytics spend to proactively identifying fraud. 
Beyond the need to demystify a subject long seen as complex, there is another, perhaps more pressing imperative. The regulator has been stress testing the cyber defences of banks for a number of years now. All the indications are that it will eventually introduce the same approach to insurers.
This will help businesses to understand what shocks their organisations could absorb from an eventual cyber attack and what the operational impact of such a hack could be.
Stress tests are a start in taking the challenge of financial crime out of a technical silo and making it more of a business issue. Boards are left with little option but to take a similar approach, starting to accept that they must assume a greater level of responsibility for the work their technical experts have been doing for years.
A deeper degree of understanding of those roles and the challenges they face will help cascade responsibility for security down through all the levels of the organisation. Effective defences must be shared and they must be driven from the top.
Dennis Toomey Global Director, Counter Fraud Analytics and Insurance Solutions, BAE Systems Applied Intelligence 18 July 2019