Cybersecurity has gained in importance as insurance has seen a shift towards digitalisation in the past few years, increasing the opportunity for cyberattacks. Insurers should be aware of the security threats they face and the profound implications a breach could have on their reputation. These firms hold some of the most sensitive personal data available on their customers, and losing it will result in hefty regulatory fines and further reductions in customer confidence, which is already low.

Insurance Challenges

Listed below are the key challenges facing the insurance sector, as identified by GlobalData.


Insurtech firms are generally built specifically on the cloud and pose a threat to traditional insurance firms. Cutting edge technology enhances insurtech companies’ interactions with consumers, making for a better customer experience. In addition, their platforms often optimise assessments for granting insurance, such as using artificial intelligence (AI) to perform risk assessments. The digital nature of these firms allows them to develop products faster than traditional firms, disrupting the market.

Falling profitability

Increased competition in insurance has driven down prices and caused costs to rise. Profitability has fallen across the market. Furthermore, perennially low interest rates since 2008 have hurt the industry. Insurers have made significant investments in interest sensitive assets, such as bonds, and they also sell interest rate-sensitive products to their consumers.

Due to Covid-19, insurers face claims from a number of different lines of business. Legal challenges are also being made against insurers who claim that their policies do not cover the pandemic. If the courts rule against them, this could set a dangerous precedent for insurance firms, calling into question their financial viability.

Cybersecurity risks

Insurers hold highly sensitive customer data, such as business-specific details and personal information, such as health records. This makes them a prime target for cybercrime. Regulations such as General Data Protection Regulation (GDPR) have increased the penalties for privacy breaches. Legacy systems employed by insurance firms may prove ineffective at securing against breaches.

Malicious actors evolve faster than legacy technology. Cyber accumulation risks are also present, where a single event generates a widespread impact on thousands of businesses at once, and where the accumulation of liabilities within a portfolio of policies could expose an insurance company to high financial losses.

Disappearing retail customers

A shift to online insurance means customers fragment their insurance cover and select only the items they require. For example, customers may choose pay-as-you-drive insurance over comprehensive motor cover. This means that a lot of retail business is being lost as consumers reduce their coverage.

Lack of trust in insurance firms

Insurance companies rank low in lists of the most trustworthy businesses. This is largely down to poor customer engagement. Digital communication tools can help, yet are typically neglected by insurance firms. Failure to pay out is the biggest issue that erodes customer faith and makes customers more likely to switch insurers.

Increased regulatory burden

With increasing volumes of sensitive data being held on customers, insurers are facing pressure from regulators to ensure this data is used and stored appropriately. This has become increasingly important due to the increased cybersecurity risks that insurers face in holding such valuable information.

Insurers will need to ensure that their systems are GDPR compliant. Older systems may be more expensive to update than new cloud-based tools. Insurance firms must also ensure they are in line with regulations around fair treatment of customers by ensuring specific, clearly set out fairness outcomes.


Covid-19 has been a two-pronged attack on insurance firms. Several insurers were forced to pay out to cover losses that businesses accrued due to the pandemic, hurting profitability. Furthermore, the digital shift instigated by the pandemic had led more consumers to demand to deal with their insurance digitally. This is problematic for legacy insurers with low digital capabilities.

This is an edited extract from the Cybersecurity in Insurance – Thematic Research report produced by GlobalData Thematic Research.