INFORMATION TECHNOLOGY IN INSURANCE

IT APPLICATIONS IN FUNCTIONAL AREAS

Even though the information technology has wide application in all

the spheres of the insurance business, yet following are the most
important ones in respective functional areas.

I. Marketing

The scope for use of Information Technology in marketing

function is tremendous. It may start from the consumer acquaintance
to an insurance product to claims settlement or further selling of new
products or developing consumers for the products.

Information technology can be integrated with almost all the

P’s in marketing. It may help in formulation and implementation of
various marketing strategies including pricing, promotion and
customization strategies. Some of the marketing areas are as follow:

 Consumer Awareness: The use of IT may be path

breaking for the insurance companies since conventionally the
awareness of the insurance products in India is low. With the
use of internet the information about the products and pricing
policies can be made available to the public in few seconds
and much transparency in operations can be established. There
are numerous websites available which can help the
prospective customers to compare the insurance products of
various issuers and decide the product suited to his needs.
 Customer Services: The insurance being a service needs
high concerns in terms of services. Customer service requires
maximum attention and should span the entire gamut of

39 of 73
 INFORMATION TECHNOLOGY IN INSURANCE

activities in the purchase of product i.e. right from the

dissemination of information, documentation to policy
administration and claim settlement. The service quality
standards of the new private insurance players have posed a
threat to the giants viz. the LIC and GIC. The investments in
the personnel and knowledge systems have helped private
players companies build significant domain expertise. The
emerging areas of IT applications are:
i. Market Research

ii. Consumers Targeting and Segmentation

iii. Customization of products

iv. Easy procedures like premium payments, claims

settlement, tracking of brokers and agents

v. Complaints management/ grievance handling

vi. Intermediary analysis

II. Finance
Information technology can be effectively used for internal
management viz. accounting, treasury management, financial
performance reporting etc. and as well as in resource mobilization,
portfolio management, investment planning etc.

III. Human Resource Management

Application of IT in human resource management is
obvious. It can be effectively utilized in
 Recruitment and selection
 Training

40 of 73
 INFORMATION TECHNOLOGY IN INSURANCE

 Performance appraisal
 Promotions, transfers and dismissals
 Valuations etc.

IV. Research and Development (R & D)

R & D has been made an easy task with the increasing use of
Information Technology. Surveys and research on market potential,
analysis of markets, tracking with international norms and
developments are the profound areas of IT applications.

41 of 73
 INFORMATION TECHNOLOGY IN INSURANCE

IT DEPARTMENT IN AN INSURANCE COMPANY

Functions of IT department:-
The IT department in an insurance company performs the following
functions:
 Provision of hardware and software resources
 Adoption of latest technologies for competitive advantage
 Training employees- at operating, head and controlling offices on
office automation and networks
 Advise the top management on Business Process Re-Engineering
(BPR)
 Develop, maintain and implement insurance related applications
 Maintenance of networks

Set-up
Generally the insurance organization has three-tier set-up –
Operating office, controlling offices and central office. The organization
and responsibilities of the IT department and its sub-departments is more
or less in the hierarchical order of the various offices. The IT department
at Central Office is responsible to the Chairman/CEO of the organization
for implementation of IT plan. The department is responsible for
procuring new technologies, conducting training and preparing the broad
IT policy framework. The Controlling Office and Operating Office are
respectively responsible to the Central Office. The Head of the IT
department may have the following functional managers with their
respective tasks:

42 of 73
 INFORMATION TECHNOLOGY IN INSURANCE

o Technology Manager

 Evaluation and acquisition of new technologies in hardware,

software, networking and packaged solutions
 Recruitment and supervision of system and network
engineers
 Conducting of various training programmes

o Systems Manager

 Systems analysis and design

 Functional specifications
 Development of allocation and user manuals
 Assignment of work to project leaders, system analysis and
programmers
 Evaluation of studies

o Network Manager
 Network administration (including WAN)
 User administration, systems security, e-mail etc.
 Controlling and supervision of network administrators

o Operations Manager

 Maintenance of hardware
 Job scheduling, backups and file control
 Assigning work to operators and DEOs
 Training of users
 Controlling of data flow

43 of 73
 INFORMATION TECHNOLOGY IN INSURANCE

TECHNOLOGICAL CHALLENGES

One of the most prominent challenges of e-commerce is security. It

is very evident that many users are reluctant to do business on the internet
due to security reasons.
 Database Security- The insurance business database security is
utmost important. This has to be monitored by security of the web
server and web access.
 Web Server Security- Security policies should be defined like
who is allowed access, nature of the access and who authorizes
such access? etc.
 Password Sniffing- Protection against password sniffing is to
avoid using plain text user names and reusable passwords.
 Network Scanning Programme- Automated tools should be used
to scan network. These tools check for well-known security related
bugs in network programme such as send e-mail and FTPD.
 Physical Security- One can ensure physical security by having an
alarm system that calls the police, having a key-lock on the
computer power supply.
 Web Access Security- Host based restrictions can be implemented
using a firewall to block incoming HTTP connections to a
particular web server.
 Transmission Security- Encryption is a key technology to ensure
transaction security.

44 of 73
 INFORMATION TECHNOLOGY IN INSURANCE

 Privacy- Privacy is likely to be a growing concern as internet-

based communications and commerce increase. Designers and
operators of websites who disregard the privacy of users do so at
their own peril.
SECURITY ISSUES
Security is one of the major issues required to be addressed before
implementing information technology in insurance. There is a
considerable threat of –

 Unauthorized access or loss or damage of data by hackers

 Loss and damage of data by virus.
 Unauthorized access within the network.

These issues can be addressed by the various solutions available in

the industry. These include:

Data Encryption Standards

RSA (Public and Private keys)

MAC (sequential incremental key value)

Secured socket layers

Firewalls

By properly addressing the security threats, risk of implementing

new and advanced technology in insurance can be considerably reduced.

45 of 73
 INFORMATION TECHNOLOGY IN INSURANCE

THREATS TO COMPUTER SYSTEM AND

CONTROLS

o THREATS TO HARDWARE AND SOFTWARE

Hardware is a common cause of data problems. Power can

fail, electronics age, add-in boards can be installed wrong, you can
mistype, there are accidents of all kinds, a repair technician can
actually cause problems, and magnets you don't know are there can
damage disks.

There are many different kinds of hardware threats to

electronically saved data. Some include:

o Power faults
o Age
o Equipment incompatibilities
o Typos
o Accidental or deliberate damage
o The Customer Engineer or friendly salesperson
o Problems with magnets and/or sources of static electricity

Active action on organization’s part can help it identify

problems and, perhaps, head them off early.

46 of 73
 INFORMATION TECHNOLOGY IN INSURANCE

Software interactions are a significant source of problems;

but these are inadvertent. Software attacks are deliberate and can
also be significant. Software threats can be general problems or an
attack by one or more types of malicious programs. This category
accounts for more damage to programs and data than any other.
Software problems happen and can be very serious if the
organization fails to take appropriate action in advance of the
problem.

o THREATS TO DATA AND PROGRAMMING FILES

Unauthorized Access to data is also known as hacking. Hacking

can be put into
categories like White
Hats, Black Hats and
Grey Hats. There is
also another meaning
of this, and this is not
on purpose, like
power cuts...etc.

- The White Hat

hackers supposedly hack legally to protect and secure systems
occasionally hacking into the black hats to investigate.

- The Grey Hat hackers are just in between the Black and the White
Hat hackers, meaning they sometimes hack legally and sometimes
don't.
- Then there is the Black Hat hackers are the opposite of White

47 of 73
 INFORMATION TECHNOLOGY IN INSURANCE

Hats, so they hack illegally. There are different types of Deliberate

Hacking including worms, Trojans, spy ware...etc.

o THREATS TO NETWORKING AND DATA IN TRANSIT

Threats to computers and networks have been an issue since

computers began to be used widely by the general public.
Nowadays, any computer or network that is connected to the
Internet is at risk. Breaches in library computer security are
normally caused unintentionally by curious and persistent users—
and sometimes intentionally by knowledgeable and malicious
hackers. These threats are made more possible by software that has
been installed improperly, software code that has inherent flaws
(bugs), or insecure procedures.

Basic Types of Threats

Basic types of attacks include:

• Probes and scans - Attempts to gain access or discover information

about remote computers
• Account compromise - Discovery of user accounts and their
passwords
• Packet sniffing - Capturing data that is sent across a network; the
data can contain sensitive information like passwords
• Denial of service - Flooding a network with requests that can
overwhelm it and ultimately make a computer slow down or
ultimately crash
• Malicious code - Trojan horses, worms, viruses
• Spoofing - Making a computer look like a "trusted computer"

48 of 73
 INFORMATION TECHNOLOGY IN INSURANCE

These threats can be hacked with the help of various

strategies. The choice of strategies depends upon the factors such
as cost of the chosen strategies, quality of discrimination desired,
and vulnerability of counter-feiting and customer acceptability.
Taking into consideration all these factors and the likely
development in Information Technology in the Indian financial
sectors during the coming years, the security provisions desirable
from the point of view of people involved in auditing and the users
of IT , can be listed as follows:

 Hardware And Software Controls:

At the time of acquiring the hardware and software systems

and developing or buying the new software, users of information
technology should make the enquiry and provide for built-in controls.
The literature provided by the vendors of the machine specifies the
availability of such controls. After acquiring the systems one has to
keep records of “errors” to determine the frequency of hardware
induced errors due to malfunctioning or poor performance of
equipment resulting in failure or downtime. Errors can occur also due
to inadequate training of the machine operators or due to lack of
procedures for media control and recovery procedure or due to lack of
maintaining proper temperature and humidity in the machine rooms or
power supply norms specified for the machines.

 Systems Security Controls:

These controls should be provided by the person responsible

for overall Information Technology security and safety in the
organization. That person has to find out what controls are provided
for the library (i. e. files of data and programme), procedures, online

49 of 73
 INFORMATION TECHNOLOGY IN INSURANCE

data capture, offline data communication, the master security plan and
its execution. The person in charge should also occasionally visit
computer facilities to ensure that access control systems work properly
and visit the library to check the efficiency of procedures, restriction
of access of data and programmers and documentation to ensure the
safeguarding of files while they are in use.

FIGHTING ONLINE FRAUDS – TIPS

INTERNET BROWSING SECURITY TIPS:

1. Watch your click:

You must observe click discipline while browsing through different

websites. You may land up clicking on to malicious link that could
download malicious code / software or virus on to your computer.

2. Do not download software from non-trustworthy sites:

Downloading software from non-trustworthy sites may lead to

infecting your computer with virus. Users should particularly be
careful of downloading freeware which may have Trojans installed
that would transmit your confidential information to a hacker or
fraudster without your knowledge.

3. Read privacy policy of the website:

Make sure that you read the privacy policy of the website before
parting with any personal information such as name, email id, contact
number, etc and be aware of how your information would be used by
the website owner.

50 of 73
 INFORMATION TECHNOLOGY IN INSURANCE

EMAIL SECURITY TIPS:

1. Protect your email ID

Your email ID is your identity and address on the internet and anyone
may reach you from any part of the globe in minimum time and effort.
Protect your email ID from being misused.

2. Do not publish your email ID on internet

Do not disclose your email ID on websites, chat rooms, internet blogs

or subscribe to mailing lists without having read the privacy policy of
these sites. Your email ID could be shared or sold to marketing
companies and may land up in the spam databases which become the
target for receiving spam emails.

3. Protect your email box against spam

Spam emails are unsolicited emails sent in large numbers to recipients

for sales and marketing or some promotional activities. Do not reply /
respond to spam emails as it may lead you to receiving more spam in
your email box.

4. Do not open email attachments in haste

51 of 73
 INFORMATION TECHNOLOGY IN INSURANCE

Do not open attachments received from unknown sender or

unexpected attachments from known senders. They may contain virus
infected files most of the times.

5. Do not click on the links in emails asking for confidential

information
Bear in mind that any insurance company will never send
emails to you asking for your confidential information.
Do not respond to any phishing emails by clicking on the links
given, opening any attachments or replying to the sender of the
email.
Whenever in doubt about authenticity of an email please write
to your insurance company by using their email id provided on
their website

6. Be wary of fraudulent emails

You may receive emails well crafted to establish communication with
you and lure you into a professional or personal relationship leading to
using your Bank account for financial transactions over the internet
also known as money laundering.

52 of 73
INFORMATION TECHNOLOGY IN INSURANCE

53 of 73