This article was originally published in the January 2017 issue of Insurance CIO Outlook, as part of the special edition listing the Top 10 Security System Solution Providers for 2017.
The insurance arena today is a highly susceptible space with frequently changing privacy regulations, a high volume of personal information, and ever increasing sophisticated cyber-attacks. In case of a security or privacy incident, fast response and consistent regulatory assessment are critical to preserve business credibility and reduce financial damage. Helping insurance companies proactively mitigate these risks is RADAR, a patented SaaS-based incident response management platform that simplifies and streamlines compliance with federal and state data breach laws.
“We are solving a valuable business problem by addressing the operational challenges the insurance providers face every day in complying with the evergrowing and complex set of data breach laws that they and their service providers are obliged to follow,” states Mahmood Sher-Jan, CEO of the company. “RADAR provides the only purpose-built decision support solution for privacy and legal teams in a very intuitive, 100 percent consistent and scalable manner.”
No two incidents are ever the same. “That is just the complexity that makes solving this problem difficult for these organizations ,” connotes Sher-Jan. RADAR’s secret sauce in tackling this challenge is their Breach Guidance Engine™, using advanced modeling techniques to build and score thousands of profiles of what incidents could look like. “We have developed a scoring engine that enables our clients to easily capture the essence or the profile of any incident, including the incident’s risk factors, and run it through our engine to score it and heat map it, giving them the ultimate decision support capability so they can make the final call,” explains Sher-Jan.
“RADAR provides the right results in a very intuitive, 100 percent consistent and scalable manner”
– Mahmood Sher-Jan, Insurance CIO Outlook
RADAR offers quite the efficient and proactive alternative to the historically costly, inconsistent, and time consuming manual approach common across the industry. “Once you profile your incident, RADAR will provide decision-support guidance if it is likely a data breach or not, across one to over 50 states and territories, in addition to GLBA and HITECH. An incident is risk assessed within seconds, and the process fully accommodates counsel oversight, which makes RADAR so powerful,” Sher-Jan extols.
Furthermore, integrating with other incident detection and event management platforms allows RADAR to leverage these technologies to create a full-spectrum solution for detecting and managing incidents. “We are making our APIs available to GRCs and SIEM platforms because we are a natural complement to them,” says Sher-Jan. “We take the information gathered in these systems and close the loop by providing the next step: guidance to determine if an incident is a breach, whether it is notifiable, which regulatory bodies must be notified, and by what date and help our customers analyze their incident trends, root causes and ultimately use insights from their incident data to reduce risk.”
One real case scenario involves a large insurance client with a very strong compliance culture. “This client has a strong privacy culture, values their brand and is very protective of it, so they wanted the ability to perform trend analysis and needed to show consistency in times of audit,” Sher-Jan explains. “They rely on RADAR to reduce complexity of tracking all the changes in regulations and build consistency through automated incident risk scoring, while still maintaining control of the ultimate decisions.”
Providing a highly secure and intuitive experience as an operational solution is what strengthens RADAR’s value proposition, providing insight into pending legislations and ensuring their clients are always kept up-to-date with the newest compliance regulations, along with access to their legal library. What is more, RADAR cautions against over-reporting and under-reporting, reporting only the right and required amount to ensure compliance without creating unnecessary and avoidable business risk.
In the future, RADAR is looking to continue to innovate and expand the capabilities of their current offerings to meet the growing needs of financial services industry. “We pride ourselves in our competence and depth of knowledge, which is what is required to tackle this particular business challenge of such sensitivity. We are truly defining a new product and solution category,” says Sher-Jan. “The future is bright, regulatory complexities abound, and we are here to help,” he concludes.