Headlines

The Rising Threat: Why Insurance Companies Face Major Risks in Cyberattacks

The Rising Threat: Why Insurance Companies Face Major Risks in Cyberattackscybersecurity,insurance,cyberattacks,riskmanagement,databreach,insuranceindustry,cyberinsurance,threatassessment,riskmitigation,cyberrisk
## Insurance Companies Face Increasing Cyberattacks: The Threat to Confidential Data

In recent years, insurance companies have become prime targets for cyberattackers, who are increasingly focused on exploiting the vast amount of personal, medical, corporate, and other confidential data that can be monetized after a successful breach. This trend has only intensified in 2023, with multiple insurance companies experiencing significant cyberattacks, exposing the vulnerabilities within the industry.

### Attacks on Insurance Companies

One such attack took place in June when Sun Life fell victim to an attack on its vendor, Pension Benefits Information LLC. In May, Prudential Insurance had over 320,000 customer accounts impacted, while New York Life Insurance Company had 25,700 accounts affected during the same period. Genworth Financial experienced an even larger breach, with up to 2.7 million individuals affected. These attacks were all carried out through the MOVEit file transfer cyberattack.

Not limited to MOVEit, ransomware attacks have also targeted the insurance industry. In April, Point32Health, the parent company of Harvard Pilgrim Health Care and Tufts Health Plan, fell victim to a ransomware attack. Additionally, NationsBenefits reported being a victim of the Cl0p ransomware gang. The severity of these attacks is exemplified by the Managed Care of North America (MCNA) Dental breach, which compromised the data of 9 million patients. Managed Care of North America was targeted by the LockBit attack, making it the largest cyberattack on an insurance company in the United States.

### The Digital Transformation and Growing Vulnerabilities

Consulting firm Deloitte has observed the exponential growth of cyberattacks in the insurance sector, primarily driven by the industry’s shift towards digital channels. Insurance companies are embracing digital platforms to create stronger customer relationships, offer new products, and expand their share of customers’ financial portfolios. This digital transformation necessitates increased investment in core IT systems and integrated enabling platforms. However, as insurance companies find innovative ways to analyze data, they must also prioritize safeguarding this data from cyberattacks.

### The Role of Insurance Applications as Attractive Targets

Insurance brokers and carriers have found themselves in the crosshairs of cybercriminals due to several factors. Foremost among these is the profitability of obtaining personally identifiable information and personal health information for resale. However, there are more insidious motives for targeting insurers, such as the valuable data contained within insurance applications.

Insurance applications collect a vast array of potentially useful information, including the amount of insurance a company is purchasing. Cybercriminals resorting to ransomware attacks aim to maximize their profits and do not want to leave any money on the table when demanding a ransom. Additionally, insurance products like errors and omissions policies or directors and officers policies provide valuable insights into trade secrets, private information of key company executives, and potential business transactions. Consequently, cybercriminals view insurance applications as a treasure trove of sensitive data.

### Evaluating Cybersecurity Infrastructure

Insurance clients are not the sole parties responsible for evaluating their cybersecurity infrastructure. Insurance carriers, such as Markel Insurance, are also prioritizing the protection of their own data and that of their clients. Markel is exploring technologies that can effectively microsegment their networks, restricting the lateral movement of attackers in the event of a successful breach. The ability to move laterally is a significant advantage for attackers if they manage to infiltrate a network.

Human data is always of interest to cyberattackers. Access to insurance applications or approved policies allows cybercriminals to gather valuable information about potential targets. Companies frequently insure high-value luxury items like antiques. Furthermore, they also seek insurance for trade secrets, confidential data on executives and officers, and protection against errors and omissions during business transactions. With such diverse data to exploit, breaches of insurance policies or applications can have far-reaching consequences.

### Securing Insurance Applications and Policies

To mitigate the risks associated with cyberattacks on insurance applications, industry experts recommend a proactive approach. Marc Schein, a risk management consultant at Marsh McLennan Agency, suggests that companies submit encrypted files with their insurance applications. This extra layer of security ensures that intercepted data during transmission remains unreadable to attackers.

## Editorial: Strengthening Cybersecurity in the Insurance Industry

The growing number of cyberattacks targeting insurance companies demands urgent action to strengthen cybersecurity practices. Insurance companies must recognize the critical role they play in safeguarding their clients’ confidential data and take the necessary precautions to mitigate cyber risks.

### The Imperative for Robust Cybersecurity Infrastructure

In an increasingly digital era, insurance companies must prioritize the development of robust cybersecurity infrastructure. This entails fortifying traditional core IT systems and investing in secure enabling platforms, such as agency portals, online policy applications, and web- and mobile-based apps for claims filing. Such investments are essential not only for maintaining customer trust but also to protect the vast amount of sensitive data at their disposal.

### Embracing Encryption and Secure Data Transfer

As demonstrated by the recommendation to submit encrypted files with insurance applications, encryption should become a standard practice within the insurance industry. Secure data transfer protocols should be adopted to ensure the confidentiality and integrity of customer data throughout the transmission process.

### Incorporating Lessons from Other Industries

The insurance industry can learn valuable lessons from other sectors that have successfully navigated the evolving cybersecurity landscape. Collaboration and information-sharing between industries can foster innovation and help develop industry-wide best practices for cybersecurity. Insurance companies should seek guidance from experts in fields that have witnessed similar challenges, ensuring a holistic approach to cyber risk management.

### Educating Employees and Clients

Insurance companies must engage in comprehensive awareness campaigns to educate their employees and clients about cyber threats, phishing attempts, and other potential vulnerabilities. Training programs should be implemented to teach employees how to recognize and respond to suspicious emails or attempts at social engineering. By cultivating a culture of cybersecurity awareness, insurance companies can empower their workforce to become the first line of defense against cyberattacks.

## Conclusion: Protecting the Future of the Insurance Industry

The threat landscape facing the insurance industry is evolving rapidly, necessitating a proactive and comprehensive response. Insurance companies must recognize the immense value of the data they hold and take robust steps to protect it. By fortifying their cybersecurity infrastructure, implementing encryption and secure data transfer protocols, collaborating with other industries, and prioritizing cybersecurity education, insurance companies can safeguard their operations and ultimately protect the trust and confidence of their clients.

Cybersecuritycybersecurity,insurance,cyberattacks,riskmanagement,databreach,insuranceindustry,cyberinsurance,threatassessment,riskmitigation,cyberrisk


The Rising Threat: Why Insurance Companies Face Major Risks in Cyberattacks
<< photo by Thomas Evans >>
The image is for illustrative purposes only and does not depict the actual situation.

You might want to read !