The insurance industry was the most targeted sector in Q1 2023, according to Indusface’s State of Application Security report, with 12 times more attacks than any other sector.
Another report from the same year reveals that the insurance industry witnessed 49,844,877 cyber-attacks on 114 websites.
On average, each application in this sector was targeted by 430,000 attacks, which closely mirrors the average of 450,000 attacks per app across all industries.
Cybersecurity in Insurance: how are companies performing, and what actions should they prioritize?
What Makes Insurers A Target for Cyber Attacks?
Insurers are often on the radar of cyber-attacks because they handle sensitive and valuable data, including their customers’ personal and financial information. This makes them an attractive target for cybercriminals who seek to exploit vulnerabilities in their systems to gain access to this data for financial gain or other malicious purposes.
Insurers are also responsible for assessing and managing risk, which requires them to collect and analyze large amounts of customer data, including information about their assets, liabilities, and potential vulnerabilities. This information can be particularly valuable to cybercriminals who seek to gain a competitive advantage or target specific individuals or organizations.
Finally, insurers are also increasingly relying on technology to automate and streamline their operations, which can make them more vulnerable to cyber-attacks. Cybercriminals can exploit any technological infrastructure weaknesses to access sensitive data or disrupt their operations.
The Top Cyberthreats Targeting the Insurance Industry
Bot/Automated Threats
The report from Indusface found that 51% of Indian insurance websites were subjected to DDoS requests, considerably higher than the average of 30% of sites affected by such attacks. In addition, the growth of bot attacks is a significant concern for the Indian insurance sector.
Attackers leverage the latest technology to improve their attacks’ sophistication, speed, and accuracy. That is why we are seeing increased bot-based automated threats facing cybersecurity in the insurance industry.
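The automated traffic described above is usually first visible in web server access logs. The following is an added example, not code from the original article or from Indusface, of a simple detector that parses combined-format log lines and flags source IPs that either exceed a request-rate threshold within a sliding window or present a scripted client user agent. The log lines, IP addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample traffic in combined log format (not a real capture).
# 203.0.113.7 fires seven requests in four seconds; 198.51.100.3 behaves like
# a normal browser; 192.0.2.9 uses a scripted client user agent.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2023:10:00:00 +0000] "GET /quote HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2023:10:00:00 +0000] "GET /quote HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2023:10:00:01 +0000] "GET /quote HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2023:10:00:01 +0000] "GET /quote HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2023:10:00:02 +0000] "GET /quote HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2023:10:00:03 +0000] "GET /quote HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2023:10:00:04 +0000] "GET /quote HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.3 - - [10/Mar/2023:10:00:01 +0000] "GET /login HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Windows NT 10.0)"
192.0.2.9 - - [10/Mar/2023:10:00:05 +0000] "POST /api/claims HTTP/1.1" 200 64 "-" "python-requests/2.28.1"
198.51.100.3 - - [10/Mar/2023:10:00:30 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
# Assumed list of client signatures worth a closer look; tune for your estate.
SCRIPTED_UA = re.compile(r"python-requests|curl/|wget/|go-http-client", re.IGNORECASE)


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], TS_FORMAT)
    return entry


def detect_automated_clients(log_text, window_seconds=10, max_requests=5):
    """Flag source IPs that exceed max_requests within a sliding window,
    or that present a scripted client user agent. Returns {ip: [reasons]}."""
    recent = defaultdict(deque)  # ip -> timestamps inside the current window
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # skip unparseable lines rather than abort the whole run
        ip, ts = entry["ip"], entry["ts"]
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > max_requests:
            reasons[ip].add("rate")
        if SCRIPTED_UA.search(entry["ua"]) or entry["ua"] in ("", "-"):
            reasons[ip].add("user-agent")
    return {ip: sorted(r) for ip, r in reasons.items()}


if __name__ == "__main__":
    for ip, why in detect_automated_clients(SAMPLE_LOG).items():
        print(f"{ip}: {', '.join(why)}")
```

A rate rule alone misses slow, distributed bots, and a user-agent rule alone is trivially evaded, so in practice both signals feed a bot-management layer (or a WAF) rather than blocking on their own.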
Ransomware attacks occupy a central place in any discussion of cybersecurity in the insurance industry. In recent years, attackers have used them to extract large ransoms from insurance companies. In a ransomware attack, the attackers install and spread malware across the network to encrypt data and systems, disrupting operations and potentially bringing the company to a complete halt.
The company would have to pay a ransom to decrypt the systems and resume operations. Attackers typically use phishing attacks or social engineering scams to spread the malware.
Phishing and Social Engineering Scams
Ever since the onset of the pandemic, the level of fear and extreme emotions have been high. By exploiting these emotions, attackers orchestrate successful phishing and social engineering scams.
For instance, attackers may send a seemingly legitimate email telling victims that their policy is blocked until they complete a KYC check via a link provided in the email or upload documents to a (fake) website. The unsuspecting user may do the attacker’s bidding: downloading malware, giving out confidential information or credentials, transferring money, and so on.
AJG Breach, 2020: Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, faced a massive ransomware attack. Investigations showed that the systems breached during this attack contained several types of sensitive information, including social security numbers, policy details, health and medical details, and much more, affecting 3 million of its customers. The company is facing class action suits and fines for non-compliance.
CNA Financial Corp Breach, 2021: CNA Financial Corporation, one of the largest insurance companies in the US, was the victim of a ransomware attack orchestrated by the Phoenix CryptoLocker group. CNA Financial had to pay a ransom of USD 40 million to regain control of its network from the attackers.
The attackers first targeted an employee’s workstation with a fake browser update delivered through a legitimate site; once the payload was installed, they escalated privileges. They then moved laterally across the network, compromising multiple devices and establishing persistence on them.
The attackers performed reconnaissance using legitimate tools to find and disable monitoring and security tools in the IT environment. They also destroyed and disabled backups, leaving CNA Financial unable to contain the attack immediately.
More than 15,000 systems were encrypted in this ransomware attack, and 10% of the company’s customers, employees, and others are said to have had their data exposed. The company is facing legal action.
The Impact of Cyberattacks on Insurance Companies
Loss of Confidential Information
When an insurer is attacked, the most significant risk is the exposure and loss of confidential corporate and individual client information. When such data is stolen, there is a high risk of identity theft, fraud, or stolen data being sold on the dark web.
Legal Action and Non-Compliance Penalties
Owing to the information the industry has access to and the work it does, it is one of the most regulated. When a data breach or cyberattack happens in the insurance sector, the company will be met with legal action, class action suits, and massive non-compliance penalties.
High Fraud Monitoring Costs
Insurance companies that don’t take cybersecurity seriously will face higher fraud monitoring costs. Why so? When customer data gets exposed during a breach, the company may be required to monitor fraudulent activities in affected customers’ accounts.
Business Interruptions and Downtimes
Another major cybersecurity impact on the insurance industry is that breaches cause business interruptions and downtimes. Recently, we have seen several high-profile ransomware and DDoS attacks that brought affected insurers to a grinding halt.
Loss of Trust and Reputation
Customers place immense trust in insurance companies when they hand over sensitive and confidential information. When their personal or corporate data is exposed or stolen owing to inadequate security, the result is a loss of trust and massive reputational damage to the insurer, damage that may be significant and even irreparable.
When sensitive data gets exposed, and customer trust erodes, customers may want to take their business elsewhere. So, the risk of customer attrition is high when a company doesn’t take cybersecurity in the insurance sector seriously.
Best Practices for Cybersecurity in Insurance Companies
Here are some ways that insurance companies can protect against cyber threats:
Conduct a risk assessment
The first step in protecting against cyber threats is to conduct a thorough risk assessment. This involves identifying vulnerabilities in your systems and processes and the potential impact of a cyber attack on your business. This assessment can help you identify where to focus your efforts to strengthen your cyber security defenses.
Deploy a Web Application Firewall (WAF)
A WAF sits between a web application and the internet, analyzing traffic to detect and block attacks. It works by examining the traffic for malicious activity and blocking it before it can reach the web application. This is achieved through rules and policies designed to protect against known attack vectors.
One of the key benefits of a WAF is that it can virtually patch vulnerabilities in a web application. If a vulnerability is discovered, the WAF can be configured to block traffic that exploits it, even before a patch is released. This is particularly useful when a patch is not immediately available or the vulnerability is difficult to fix.
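To make the virtual patching idea concrete, here is an added example (not code from the original article and not how any particular WAF product is implemented) of a minimal rule engine that inspects a request before it reaches the application. The endpoints (`/download`, `/policy`), the parameter names and the rule identifiers are hypothetical. Two rule styles are shown: a negative rule that blocks traversal sequences in a file-name parameter, and a positive rule that only allows numeric policy ids. Values are URL-decoded repeatedly before matching so that a double-encoded value does not slip past the rule in its encoded form.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qs, unquote


@dataclass(frozen=True)
class VirtualPatch:
    rule_id: str        # identifier for logging, and for retiring the rule once the real fix ships
    path_prefix: str    # only requests under this path are inspected by the rule
    param: str          # query parameter the rule covers
    pattern: re.Pattern # a match means "block"
    description: str


# Hypothetical endpoints and parameters, constructed for this example.
RULES = [
    # Negative rule: block traversal sequences and absolute paths in a file name.
    VirtualPatch("VP-001", "/download", "file",
                 re.compile(r"(\.\./|\.\.\\|^[/\\])"), "path traversal in file parameter"),
    # Positive rule: a policy id must be purely numeric; anything else is blocked.
    VirtualPatch("VP-002", "/policy", "id",
                 re.compile(r"[^0-9]"), "non-numeric policy id"),
]


def normalise(value: str) -> str:
    """URL-decode until the value stops changing, so a double-encoded
    value is matched in its fully decoded form."""
    previous = None
    while previous != value:
        previous, value = value, unquote(value)
    return value


def inspect_request(method: str, url: str) -> dict:
    """Apply the virtual patches to one request and return an allow/block decision."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    for rule in RULES:
        if not parts.path.startswith(rule.path_prefix):
            continue
        for raw_value in params.get(rule.param, []):
            if rule.pattern.search(normalise(raw_value)):
                return {"action": "block", "rule": rule.rule_id,
                        "reason": rule.description, "method": method, "path": parts.path}
    return {"action": "allow", "rule": None, "reason": None,
            "method": method, "path": parts.path}


if __name__ == "__main__":
    for url in ("/download?file=report.pdf", "/download?file=../../app/config.yml",
                "/policy?id=123", "/policy?id=12x"):
        print(url, "->", inspect_request("GET", url)["action"])
```

The decision dict is what you would write to the WAF log; the `rule` field lets an analyst tie a spike in blocks to a specific virtual patch and lets the team remove the rule once the application itself is fixed.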
Implement strong password policies
One of the most common ways cyber attackers gain access to systems is by exploiting weak or easily guessable passwords. Strong password policies can go a long way in protecting against this attack. This includes requiring employees to use complex passwords that include a mix of letters, numbers, and special characters and to change their passwords regularly.
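The policy described above is straightforward to enforce at the point where a password is set. The following added example (not from the original article) checks a candidate password against a length minimum, the four character classes, a blocklist of common passwords, the user’s own username and long repeated runs, and then shows how the accepted password should be stored: salted and hashed with a memory-hard function rather than kept in a reversible form. The blocklist is a small constructed stand-in for a real breached-password feed, and the `min_length` of 12 is an assumed value.

```python
import hashlib
import hmac
import os
import re

# Constructed blocklist standing in for the breached-password list a real
# deployment would load from a file or an external service.
COMMON_PASSWORDS = {
    "password", "password1", "password123!", "welcome1", "qwerty123",
    "insurance2023", "letmein!", "summer2023", "admin123", "p@ssw0rd",
}

# Each character class the policy requires, with the failure name reported when absent.
CHECKS = [
    ("no_lowercase", re.compile(r"[a-z]")),
    ("no_uppercase", re.compile(r"[A-Z]")),
    ("no_digit", re.compile(r"[0-9]")),
    ("no_special", re.compile(r"[^A-Za-z0-9]")),
]


def check_password(password: str, username: str = "", min_length: int = 12) -> list:
    """Return the list of policy rules the password fails (empty means it passes)."""
    failures = []
    if len(password) < min_length:
        failures.append("too_short")
    for name, pattern in CHECKS:
        if not pattern.search(password):
            failures.append(name)
    if password.lower() in COMMON_PASSWORDS:
        failures.append("common_password")
    if username and username.lower() in password.lower():
        failures.append("contains_username")
    if re.search(r"(.)\1{3,}", password):  # four or more of the same character in a row
        failures.append("repeated_characters")
    return failures


def hash_password(password: str, salt: bytes = None) -> str:
    """Derive a scrypt hash; the stored string carries its own salt and parameters."""
    salt = salt or os.urandom(16)
    n, r, p = 2 ** 14, 8, 1
    digest = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p, dklen=32)
    return f"scrypt${n}${r}${p}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored parameters and compare in constant time."""
    _, n, r, p, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    for candidate in ("Password123!", "Blue-Lantern!42Mx"):
        print(candidate, "->", check_password(candidate) or "ok")
```

Returning the full list of failures, rather than the first one, lets the enrolment screen tell the user everything that needs fixing in one round trip; the stored-hash format keeps the scrypt parameters beside the digest so they can be raised later without breaking verification of older records.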
Educate employees on cyber security best practices
Employees can be the weakest link in your cyber security defenses, so educating them on best practices for staying safe online is important. This includes not clicking on suspicious links or email attachments, avoiding public Wi-Fi networks, and being wary of phishing scams.
Implement multi-factor authentication
Multi-factor authentication (MFA) adds an extra layer of security to your systems by requiring users to provide additional information beyond just a username and password. This could include a fingerprint scan, a one-time passcode sent to their phone, or a smart card. Implementing MFA can significantly reduce the risk of unauthorized system access.
Keep software up-to-date
Hackers often exploit vulnerabilities in outdated software to gain access to systems. By keeping your software up-to-date with the latest security patches and updates, you can help prevent these types of attacks.
Backup critical data regularly
In the event of a cyber-attack, having regular backups of your critical data can be a lifesaver. This can help you quickly restore your systems and minimize the damage from the attack.
Implement a disaster recovery plan
Even with strong cyber security measures in place, there’s always a risk of a cyber attack causing damage to your systems. That’s why it’s important to have a disaster recovery plan in place. This plan should include procedures for responding to a cyber attack, including steps for containing the attack, restoring systems, and notifying affected parties.
Work with trusted partners
Insurance companies often work with various third-party vendors, such as IT providers and data centers. It’s important to work with trusted partners who have strong cyber security measures in place themselves. You should also include provisions in your contracts with these partners that require them to adhere to your cyber security policies and procedures.
Stay up-to-date on the latest threats
Cyber threats constantly evolve, so staying up-to-date on the latest threats and vulnerabilities is important. This includes monitoring industry news and reports and regularly reviewing your systems for vulnerabilities.
Have a cyber insurance policy
Finally, it’s important to have a cyber insurance policy to help protect against the financial losses resulting from a cyber-attack. This policy can help cover costs such as legal fees, data recovery, and notification of affected parties.