Online data protection has, once again, been brought into sharp media focus this September. The hacking of the World Anti-Doping Agency (WADA) database being more than a little embarrassing for both the organisation and the athletes whose information was suddenly thrust into the public domain. Closer to our industry came the warning from the FCA that cyber-attacks against financial services was on the increase – at least 75 in the UK already this year – and that greater vigilance was needed.


A statement made all the more prescient a few days later when the FCA themselves suffered a ‘major incident’ which led to outages across their own systems. And, while this was later attributed to a hardware issue rather than an attack, the principle remains the same. Whether technical or criminal, crucial and sensitive data can be at risk if your diligence levels drop.

It’s a point of huge consideration for financial service organisations, given the enormous flow of online data and the continuing migration towards cloud-based applications. Which makes now a good time to take stock of what is expected of businesses when it comes to online data protection and remaining compliant.

The FCA has no problem with the cloud

“We see no fundamental reason why cloud services (including public cloud services) cannot be implemented, with appropriate consideration, in a manner that complies with our rules.”

So says the FCA guidance publication on financial companies’ use of cloud-based applications and third-party providers.

Central to this statement is the bit that says: “Appropriate consideration.”


Because absolute responsibility for the protection and safe-keeping of data is with the financial organisation, NOT the third-party cloud provider.

The cloud is an acceptable environment for data storage and transfer, but you must have carried out due diligence and risk-assessments to demonstrate that all reasonable measures have been taken in relation to data protection.

The PWC report: Insurance Banana Skins notes that cyber-security is the primary concern of insurance companies, given the type and volume of data they store. Making the appropriate checks and assessments is an imperative against the effects of data loss, as well as falling foul of industry regulation.

What you’re looking for in a provider

Let’s be clear, cloud computing offers exceptional new-age advantages for insurers and brokers alike. From real-time customer insight to the streamlining of sales, delivery, reporting and management of schemes.

It is the direction in which the industry is heading and a key focus area of this year’s BIBA conference. As an industry seeking to progress and keep pace with modernity, we must embrace these technological shifts and shed the fear.

But that does not mean we dive blindly into new partnerships.

In order to have faith in the technology we use, common sense dictates that we are diligent in our research. The insurance industry is founded upon the management of risk. Adopting cloud technology should be no different.

  • Maintain control of your data – As I’ve already mentioned, you are responsible for data integrity, regardless of whether you use a third-party or not. When you work with a cloud-provider you need to know where and how the data is stored, ensuring it is retrievable and usable as and when you require it. Furthermore, you need to be clear that it’s stored in a suitably segregated fashion.
  • Security – THE critical issue for an industry where data is so integral and sensitive. It might feel like a virtual wild west with all these different cloud-applications springing out of ground. Work with a provider who offers encryption, biometric locking and robust data back-up processes will offer peace of mind that your data is as secure as it can be, and that you are meeting compliance standards as laid out by the FCA
  • Accessibility – Compliance rules dictate that, should there be a requirement, your provider should have a premises which is accessible to you, as well as auditors. And that any data can be accessed whenever required by you or for audit and inspection purposes. Which is why working with an industry specific organisation, populated by real-live and actual humans, is always a good thing.

We have to recognise that we live in a world of heightened cyber risk. Of course we do. However, this is a risk like any other, where sensible protocols, reputable partners and diligent assessments can make a significant difference when it comes to repercussions. There’s no such thing as a 100% risk-free environment. If there was, there’d be no insurance industry. Cloud-applications are as safe an environment for data as you are likely to find. As long as you manage them properly.

HOW TO Change Your SchemeServe Background Dynamically By Product

You’ll (probably not) have noticed recently in our release notes that we enabled you to select a background picture for your SchemeServe [...]
1 Comment - Read More!

HOW TO Customise Your SchemeServe Footer

Good news SchemeServers! After numerous requests, we recently added the functionality into SchemeServe that enables you to customise the footer [...]
1 Comment - Read More!

Have the FCA completely lost the plot regarding auto-renewals?

Earlier this month the Financial Conduct Authority (FCA) released its policy document: Increasing transparency and engagement at renewal in [...]
6 Comments - Read More!

BIBA’s Recommended Indemnity Period Changes and What it Means to You

The issue of ‘under-insurance’ was the key behind BIBA’s launch of their Professional Indemnity Initiative earlier this summer. Releasing [...]
Read More!

Microsoft’s LinkedIn Acquisition - Benefits to Insurance Brokers?

When the announcement came that Microsoft had acquired LinkedIn in a $26.2 billion deal, the tidal wave of questions wasn’t long in coming. [...]
1 Comment - Read More!

Convenience Over Price – What Insurers Could Learn from Amazon

When we think about the process of consumers’ buying insurance online, chances are, many of our thoughts will turn towards annoying opera [...]
2 Comments - Read More!

SchemeServe join the MGAA

We’re delighted to announce that SchemeServe has joined the Managing General Agents’ Association (MGAA). The MGAA was founded in 2011 as an [...]
2 Comments - Read More!

What We Learnt From BIBA 2016

Let’s get the platitudes out of the way first – BIBA 2016 was a fantastic event. Replete with a who’s who from within our industry, and [...]
1 Comment - Read More!