The threat to business processes stemming from cyber security: The case of National Insurance Corporation (NIC)

Abstract

The study was carried out to evaluate the threat to business processes stemming from cyber security in insurance companies, the study focused on National Insurance Corporation (NIC). The study was based on three objectives; to establish the current cyber threats in the insurance industry, to establish the effect of cyber threats on Business Processes in the Insurance Sector and to establish the mitigation strategies used in the insurance sector to prevent cyber threats. The study used a cross sectional survey design with a pragmatic orientation following the ethos of mixed research where both quantitative and qualitative information was elicited from respondents who were agents and staff of NIC selected randomly from a determined population. The key analysis of the obtained data revealed varying levels of cyber threats awareness, mitigations and impacts among staff. Most staff were familiar with the impact and mitigations for cyber threats while specific awareness of cyber threats like malware, phishing, holing, denial of service among others had less than 30% of staff knowing the most familiar threats i.e. malware and phishing. The key recommendations out of the study are; the institutionalization of the effort to educate all staff and associates/agent about the different forms of cyber threats and the specific measures to mitigate each and the education of all staff about their joint responsibility to detect and prevent cyber threats.