Integrating new data and technologies through mergers and acquisitions (M&A) and client engagements brings both opportunities and risks to growing insurance agencies.
But while agents excel in managing client risk, they may overlook their internal vulnerabilities. To sustain effective growth and protect their expansive operations, insurance agencies must implement a comprehensive data strategy.
“A complete data strategy is particularly important for an agency like ours mainly because of our rapid growth,” said Henry Mahler (pictured left), vice president and chief information at Oakbridge Insurance, a top 100 independent insurance agency.
“Our data set has grown significantly through M&A activity and organic growth, and we have a unique opportunity to leverage our data as a strategic asset. This not only increases operational efficiencies but also helps identify trends and areas of growth.”
Oakbridge was formed in 2020 from the merger of four legacy agencies in Georgia. This consolidation was aimed at creating a premier insurance agency in the US Southeast and beyond. The company’s growth strategy has included both acquisitions and organic expansion.
As agencies expand rapidly through acquisitions, a unified data strategy and cybersecurity framework ensures that all parts of the organization adhere to the same data standards and reduce the risk of breaches.
However, the complexity of integrating varied data sources demands meticulous planning and execution to ensure seamless and secure transitions.
According to Mahler, one area that Oakbridge has worked hard to develop is an overall “cybersecurity culture”. This includes regular communication with employees on new tactics and pitfalls that cyber threat actors deploy, as well as establishing a robust security awareness platform.
“The cybersecurity landscape changes constantly, and we have formed partnerships with industry-leading cybersecurity companies,” said Mahler.
“The ‘blocking and tackling’ of a cybersecurity program (ongoing Risk Assessments, Access Controls, MFA, audits, etc.) along with a strong internal cybersecurity culture has helped tremendously cut down on insider risk.”
Mahler also highlighted the importance of integrating IT, HR, and accounting functions efficiently to ensure consistency and standardization across the organization.
John Sweet (pictured right), director of IT operations at Oakbridge Insurance, also spoke to Insurance Business about some common pitfalls that agencies might fall into and the steps they can take to strengthen their cybersecurity.
“When we talk about data, you also have to think about security,” Sweet said. At the same time, security isn’t the sole concern; data must also be accessible and usable. Merging data from acquired agencies into Oakbridge’s systems is no small feat.
“It’s always a challenge when you’re migrating data from a third party to get the information you need to be able to move that data,” Sweet pointed out. “You might have an agency that has their own data still on their legacy system and loses sight of that.”
The complexity of data migration can lead to significant vulnerabilities for insurance agencies. One major risk is losing track of data during the transition. Such oversights can leave data vulnerable, inaccessible to the central organization, and improperly managed. Ensuring that only the necessary personnel have access to sensitive data is another challenge, he added.
Finally, for smaller independent agencies that may not have dedicated cybersecurity experts, Sweet gave some pragmatic advice: “Make sure that your technology provider is aware of your concerns, and that you make sure to let them know how important it is that their data is secure.”
He emphasized the importance of leaning on third-party technology providers for support while maintaining strong internal policies like multi-factor authentication (MFA) and restricted data sharing.
What are your thoughts on creating a robust data and cybersecurity strategy for insurance agencies? Please share your perspective in the comments.
