Accenture finds that 97% of insurers believe they have what it takes to be an attractive ecosystem partner. However, only 26% of insurers believe that their ecosystem partners are working as diligently as they are to improve their security resilience.
Insurers must conduct some form of a security review or audit of potential partners before embedding them into their ecosystem.
As insurance companies grow their digital ecosystems with third-party vendors (e.g., software-as-a-service, cloud service providers), it is critical to seek out service providers with strict data-handling procedures and strong cybersecurity credentials.
Service Organization Control 2 Certification (SOC 2)
One highly respected certification is SOC 2. Developed by the American Institute of CPAs (AICPA), a SOC 2 certification is an industry-standard auditing procedure and internal controls report that ensures service providers uphold specific standards when handling customer data.
To obtain a SOC 2 certification, outside auditors such as the American Institute of Certified Public Accountants assess how a vendor complies with IT security requirements.
The auditors specifically examine the effectiveness of the vendor's policies and systems for data security, processing integrity, confidentiality, and customer information privacy.