40% of major insurers worldwide had security breaches in the last year: Deloitte survey

About 40% of major insurance organizations included in a global survey have experienced one or more security breaches in the last 12 months, according to a recent report from Deloitte.

The company’s 2012 Global Financial Services Industry Security Survey, published in September, includes data from 46 major insurance companies worldwide. The insurance sector made up 18% of the total respondents for the study, which included banks and other financial institutions from 39 countries. Canadian companies comprised 5% of the study’s total respondents.

Most insurance respondents cited an insufficient budget and resources as their top barrier to an effective information security program. The next most common barrier was lack of visibility and influence within the organization. Overall, 44% of the survey’s respondents cited an insufficient budget as a primary barrier, and 28% cited increasingly sophisticated threats.

Mobile security also presents a problem for the industry. More than 80% of insurance respondents support employee-owned or corporate-owned devices, according to Deloitte. Close to 80% also have one or more dedicated resource for managing privacy, along with an information security program.

The popularity of social media has also had an impact, with 37% of overall respondents now revising their internal policies and 33% educating users about social media.

Still, many organizations are working proactively to combat security breaches. Data protection and information security governance ranked as the top two security initiatives this year, with 57% of insurance respondents saying they believe they’re adequately equipped for protecting customer sensitive data.

Nearly 70% of insurance respondents also claim to have information security programs that have “Level 3” maturity or higher on Deloitte’s five-level scale. Level 3 implies a program with defined processes and a degree of improvement over time, while Level 5 (the highest level) implies a security program with constant improvement and innovation.

Of all the survey’s respondents, nearly half (49%) claim to actively manage vulnerabilities, while 82% claim to be actively researching new threats to proactively protect the organization from emerging threats.