In recent years, insurance companies have become prime targets for cyberattackers, who are increasingly focused on exploiting the vast amount of personal, medical, corporate, and other confidential data that can be monetized after a successful breach. This trend has only intensified in 2023, with multiple insurance companies experiencing significant cyberattacks, exposing the vulnerabilities within the industry.
### Attacks on Insurance Companies
One such attack took place in June when Sun Life fell victim to an attack on its vendor, Pension Benefits Information LLC. In May, Prudential Insurance had over 320,000 customer accounts impacted, while New York Life Insurance Company had 25,700 accounts affected during the same period. Genworth Financial experienced an even larger breach, with up to 2.7 million individuals affected. All of these breaches were carried out through the MOVEit file transfer cyberattack.
The threat is not limited to MOVEit: ransomware attacks have also targeted the insurance industry. In April, Point32Health, the parent company of Harvard Pilgrim Health Care and Tufts Health Plan, fell victim to a ransomware attack. Additionally, NationsBenefits reported being a victim of the Cl0p ransomware gang. The severity of these attacks is exemplified by the Managed Care of North America (MCNA) Dental breach, which compromised the data of 9 million patients. MCNA was targeted in a LockBit attack, making this the largest cyberattack on an insurance company in the United States.
### The Digital Transformation and Growing Vulnerabilities
Consulting firm Deloitte has observed the exponential growth of cyberattacks in the insurance sector, primarily driven by the industry’s shift towards digital channels. Insurance companies are embracing digital platforms to create stronger customer relationships, offer new products, and expand their share of customers’ financial portfolios. This digital transformation necessitates increased investment in core IT systems and integrated enabling platforms. However, as insurance companies find innovative ways to analyze data, they must also prioritize safeguarding this data from cyberattacks.
### The Role of Insurance Applications as Attractive Targets
Insurance brokers and carriers have found themselves in the crosshairs of cybercriminals due to several factors. Foremost among these is the profitability of obtaining personally identifiable information and personal health information for resale. However, there are more insidious motives for targeting insurers, such as the valuable data contained within insurance applications.
Insurance applications collect a vast array of potentially useful information, including the amount of insurance a company is purchasing. Cybercriminals resorting to ransomware attacks aim to maximize their profits and do not want to leave any money on the table when demanding a ransom. Additionally, insurance products like errors and omissions policies or directors and officers policies provide valuable insights into trade secrets, private information of key company executives, and potential business transactions. Consequently, cybercriminals view insurance applications as a treasure trove of sensitive data.
### Evaluating Cybersecurity Infrastructure
Insurance clients are not the sole parties responsible for evaluating their cybersecurity infrastructure. Insurance carriers, such as Markel Insurance, are also prioritizing the protection of their own data and that of their clients. Markel is exploring technologies that can effectively microsegment its networks, restricting the lateral movement of attackers in the event of a successful breach. The ability to move laterally is a significant advantage for attackers who manage to infiltrate a network.
Human data is always of interest to cyberattackers. Access to insurance applications or approved policies allows cybercriminals to gather valuable information about potential targets. Companies frequently insure high-value luxury items like antiques. They also seek insurance for trade secrets, confidential data on executives and officers, and protection against errors and omissions during business transactions. With such diverse data to exploit, breaches of insurance policies or applications can have far-reaching consequences.
### Securing Insurance Applications and Policies
To mitigate the risks associated with cyberattacks on insurance applications, industry experts recommend a proactive approach. Marc Schein, a risk management consultant at Marsh McLennan Agency, suggests that companies submit encrypted files with their insurance applications. This extra layer of security ensures that data intercepted during transmission remains unreadable to attackers.
## Editorial: Strengthening Cybersecurity in the Insurance Industry
The growing number of cyberattacks targeting insurance companies demands urgent action to strengthen cybersecurity practices. Insurance companies must recognize the critical role they play in safeguarding their clients’ confidential data and take the necessary precautions to mitigate cyber risks.
### The Imperative for Robust Cybersecurity Infrastructure
In an increasingly digital era, insurance companies must prioritize the development of robust cybersecurity infrastructure. This entails fortifying traditional core IT systems and investing in secure enabling platforms, such as agency portals, online policy applications, and web- and mobile-based apps for claims filing. Such investments are essential not only for maintaining customer trust but also to protect the vast amount of sensitive data at their disposal.
### Embracing Encryption and Secure Data Transfer
As demonstrated by the recommendation to submit encrypted files with insurance applications, encryption should become a standard practice within the insurance industry. Secure data transfer protocols should be adopted to ensure the confidentiality and integrity of customer data throughout the transmission process.
### Incorporating Lessons from Other Industries
The insurance industry can learn valuable lessons from other sectors that have successfully navigated the evolving cybersecurity landscape. Collaboration and information-sharing between industries can foster innovation and help develop industry-wide best practices for cybersecurity. Insurance companies should seek guidance from experts in fields that have witnessed similar challenges, ensuring a holistic approach to cyber risk management.
### Educating Employees and Clients
Insurance companies must engage in comprehensive awareness campaigns to educate their employees and clients about cyber threats, phishing attempts, and other potential vulnerabilities. Training programs should be implemented to teach employees how to recognize and respond to suspicious emails or attempts at social engineering. By cultivating a culture of cybersecurity awareness, insurance companies can empower their workforce to become the first line of defense against cyberattacks.
## Conclusion: Protecting the Future of the Insurance Industry
The threat landscape facing the insurance industry is evolving rapidly, necessitating a proactive and comprehensive response. Insurance companies must recognize the immense value of the data they hold and take robust steps to protect it. By fortifying their cybersecurity infrastructure, implementing encryption and secure data transfer protocols, collaborating with other industries, and prioritizing cybersecurity education, insurance companies can safeguard their operations and ultimately protect the trust and confidence of their clients.