Technology
A Focus on Data

• Gates Ouimette
• September 2018
• 

Fifteen years ago, “Data Blockers” (Best's Review, February 2003) suggested that insurers lever technology investments across functionally different business requirements and “consider integrating in some aspect, your internal security, privacy and compliance technology functions with your business continuity policies, processes and procedures.”

Since then, cybersecurity and privacy have remained intertwined and more topical than ever.

While movement toward IT integration continues, the acceleration and magnitude of security incidents and privacy breaches has made keeping up a challenge. IT's integration had taken a back seat, at least until the General Data Protection Regulation took effect May 25.

GDPR requires businesses to protect personal data and privacy of EU citizens for transactions they make, anywhere their transactions take place.

With a clearly defined focus on “knowing your data,” GDPR provides a new opportunity to look at integration across different technology processes within an insurance company and inside its cyber product and service portfolio.

The growing need to know your data due to GDPR should be considered within the context of data as the underpinning of all of IT. This data-centric view would see data privacy and compliance not as innovation inhibitors but as innovation enablers. Since data is the most critical element in a company's systems, whether public or private cloud, on-premises or mobile, the GDPR shot-in-the-arm focus on data applies to other technology mandates benefiting from the world of #knowyourdata.

Cybersecurity and business continuity planning exist to protect data. The more that's known about the data, the better it can be protected.

In the past, cybersecurity and business continuity planning functions were independent. In the emerging world of IT Resilience Orchestration, software-enabled business continuity automation is expected to include cybersecurity mitigation, as evidenced in the Gartner Group's ITRO market guides.

IT analyst Gartner's emphasis on aligning security and resiliency within ITRO further validates its role in policy, process and procedure convergence. In effect, we increasingly will be able to equate and measure IT convergence by measuring the ITRO market. That market, estimated at $373 million in 2017, projects 12% to 15% growth this year. As the concept of IT resiliency expands, ITRO will drive further convergence.

The opportunity is enormous, given vendors expect a $700 billion IT downtime problem—the very problem ITRO is designed to address. Ultimately, this problem is data-related, its security, privacy, availability and accessibility.

Driven by key objectives of recovery time and recovery point, IT resiliency solutions have matured from the goals of consistently operational systems and networks to “always on and always available” data.

That IT process convergence has launched alliances between software vendors and the insurance industry, including the “first dynamic measure of resilience to gauge risk,” part of a joint Redseal Digital and XL Catlin offering.

IT resiliency focused on data is continually more sophisticated, allowing companies to access the freshest, most accurate data. Like IT's convergence of traditionally separate policies, processes and procedures, convergence of IT vendors will be needed for ITRO to achieve its full potential within insurance businesses and their cyber portfolios.