Technically Speaking

The Official Bigstep Blog


Insurance Companies: What If You Leaked All Your Clients’ Data?

Stories of data breaches and data loss are becoming more common along with the exponential move to the cloud. But why? There can be multiple reasons, from server and storage misconfigurations to human errors and miscommunication between team members. Are you willing to risk having your clients’ sensitive data leaked and your insurance company’s image ruined? No? Then let’s find out the importance of using a proper infrastructure and a specialized team to secure data.

As of March 2021, hacks and data thefts enabled by weak security, cover-ups or avoidable mistakes have cost these companies a total of nearly $1.3 billion and counting. Be it home, car, health or life insurance, all insurance companies gather a lot of highly sensitive data on a regular basis. But is this data properly secured?

Health and life insurance companies deal with the most sensitive personal and medical information on both the applicant and their family. The data that they process is even more sensitive than that gathered for real estate or auto insurance, since it covers not only personally identifiable information such as contact details (full names, addresses, phone numbers, and driver’s license numbers), but also medical diagnoses, medications taken, blood work files, electrocardiograms, and other health-related information.

Infrastructure Support & Managed Services for Proper Security

Most of the breaches and data leaks that we read about are not caused by a break-in at a data center, but by poor configuration of the infrastructure used or poor communication between team members. The massive recent switch to working from home can also be a contributing factor.

Opting for the services of specialist sysadmins who know when and how to apply security patches, how to properly configure the infrastructure to eliminate security risks from the start, and who constantly monitor the activity on the servers, can be your ticket to business continuity and peace of mind.

By securing your data, you secure your clients’ trust and loyalty. The insurance industry carries an extra layer of responsibility when handling and processing personal data. Opting for managed infrastructure services can help you lower costs, increase loyalty, and boost your revenue, while also maintaining a dignified brand image.

Why Use Bare Metal Servers in the Insurance Industry?

Of course, using a dedicated server solves most of your problems. But there is a better solution for your business. Bare metal servers combine the power of dedicated servers with the flexibility of the cloud to offer:

  • Inherent security
  • 100% dedicated resources
  • Data protection
  • DDoS protection
  • Physical protection (they are hosted in a 24/7 surveillance data center)
  • Full control over your infrastructure

But also:

  • Flexibility
  • Scalability

Insurance Data & Trust

Trust is difficult to achieve, especially in the insurance industry, due to the long-form contracts, the fine print, and the rules for filling out an insurance claim. Imagine having a major security breach or data leak of your clients’ personal and medical information.

There’s no turning back from that.

Besides the obvious backlash of losing people’s trust and having your brand image ruined, there are other serious consequences of having your clients’ data leaked:

  • Financial penalties
  • Civil penalties

In the EU, since the introduction of GDPR, taking care of the data that your company is handling is even more pivotal.

Insurance agencies have the responsibility to take extra precautions when it comes to processing sensitive data. Ensuring your hosting infrastructure is as secure as possible is one of the things you can do.

If you don’t currently use a dedicated or a bare metal server, it’s perhaps time to think about making a switch.


There are a few downsides to using a virtualized or a cloud solution:

  • “Noisy neighbours” – that eat up your hardware resources
  • The presence of the hypervisor – which lowers your speed and power
  • Security issues – they are more prone to hacking because you don’t control all layers of the system; for example, the hypervisor itself might be vulnerable or hacked
  • Miscommunication between team members – "I thought you would secure that S3 bucket"

Special Requirements for Health Insurance Companies

If you are in the insurance industry you should also consider the Health Insurance Portability and Accountability Act (HIPAA) and ISO certification requirements for your service providers.

Having your data hosted on a dedicated or a bare metal server ensures you’re in compliance with HIPAA, while opting for an ISO-certified service provider attests that you, as well as your service and infrastructure suppliers, are reliable.

Do you properly protect and secure your clients’ data? Let us know in the comments how you make sure your customers’ data is being protected.
