Nine in 10 insurers surveyed use computer tools to discover unauthorized devices, fewer than half used biometrics: New York State Department of Financial Services

More than a third of insurance providers responding to a recent survey reported being subject to a computer security breach, and while all respondents said they use anti-virus software, firewalls and intrusion detection tools, fewer than half said they use biometric tools, the New York State Department of Financial Services said in a recent report.

New York’s financial services department surveyed 43 entities, 12 of which were property and casualty insurance providers. The others were health and life insurance providers. DFS released survey results this month in its Report on Cyber Security in the Insurance Sector.

When asked about breaches, “58% of insurers reported that they experienced no cyber security breaches in the three years preceding the survey, excluding failed attempt,” DFS said. More than a third (35%) “reported experiencing between one and five breaches, 2% reported experiencing between six and ten, and 5% reported experiencing more than ten breaches.”

Respondents were also asked about the techniques that were used in those breaches.

“The institutions reported being the targets of a range of different hacking techniques, including intrusive, malicious software or “malware” (33%), email scams or “phishing” (23%), techniques to gain control of networked computers, such as botnets or zombies (21%), and pharming attacks, which are attempts to redirect a website’s traffic to a fake site (9%),” DFS said in the report.

DFS also polled the insurance providers on their use of certain computer security technologies.

All respondents reported they use anti-virus software, tools to detect malicious code (such as spyware or malware), firewalls, intrusion detection tools and encryption for data in transit.

Nearly all (98%) use both data loss prevention tools and file encryption, while 95% said they use vulnerability scanning tools. Ninety one per cent said they use server-based access control lists, tools to discover unauthorized devices and smart cards or other one-time password tokens.

More than six in seven (86%) of insurers surveyed reported using security correlation tools and implementing public key infrastructure systems, while 79% of respondents said they use intrusion detection systems.

“Unsurprisingly, less than half of all insurers surveyed reported the use of biometric tools, which rely on physical attributes to authenticate a person’s identity, such as fingerprint or retinal scanning,” DFS reported. “As biometric technology develops, it is expected that its use will become more widespread and cost effective.”