The insurance industry is a prime target for cybercrime as threat actors know that it is a treasure trove of sensitive data and are searching for ways to access it. Sean Tilley writes

This is evident in the growing number of insurance companies that have been hit with ransomware, phishing, and other types of cybercrime in the past year. This is supported by the IBM Cost of a Data Breach Report, which states that the financial industry was the second-hardest hit sector overall in terms of cost per breach.

According to research findings from Cybereason, the financial services industry is besieged by ransomware, data theft, and phishing attempts, ranking among the top three sectors most likely to be attacked. Notably, cybercrime has maintained its position as the most prominent global risk in this industry since 2020.  

In a crowded market, a strong cybersecurity posture can be a significant competitive advantage for any business. With insurance companies collecting large amounts of customer data and customers growing increasingly aware of the importance of cybersecurity and conscious of whom they want to give their data to, cybersecurity must be a top priority for these companies and their providers if they are to meet their various stakeholders’ requirements.

Protecting sensitive data

Insurance companies collect, manage and store massive amounts of Personal Identifiable Information (PII) which is sensitive and confidential data ranging from personal information to financial records and medical data. Keeping this information secure is paramount to not only maintaining customer trust but also to meeting regulatory requirements which stipulate how to handle customer data and are placing additional pressure on insurance companies to keep it safe.

As such, insurance companies must adapt their cybersecurity strategies to stay a step ahead of the evolving threat landscape where cybercriminals are becoming more sophisticated and are employing new tactics and technologies to breach security systems and access data.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Life Insurance International.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

Eroding trust and soaring costs

Trust is the foundation of any business, and the insurance industry is no exception. Customers trust insurance providers with their personal data and in return expect these companies to have measures in place to protect this data. A data breach or cyber incident not only erodes trust, damaging the company’s reputation, but can also have severe financial ramifications for the organisation.

While it can be costly to investigate, mitigate and recover from a cyber incident, in some instances, insurance companies may be held liable for the losses incurred by their policyholders due to cybercrimes. Further cyber attacks can disrupt an insurance company’s operations, affecting its ability to serve its customers, process claims and conduct business efficiently, potentially leading to further financial losses and customer dissatisfaction.

Third-party risks

While insurance companies need to maintain stringent security standards within their organisations, it is equally important that they are aware of possible external risk factors too.

Insurance providers often collaborate with a network of third-party partners such as suppliers and outsourced partners, among others. These connections create additional vulnerabilities to the security posture of a company, while at the same time, the insurance companies retain regulatory responsibility for their third-party contracts. As such, insurance companies will be held accountable for weaknesses in their third-party partner contracts and need assurances that the same level of cybersecurity practices are in place across their third-party network. This must include ensuring that any potential risks are appropriately identified, managed, and mitigated to avoid a wider breach across the company which could affect customers.

Cyber resilience is the key to operational resilience

Building a culture of cyber resilience is key to establishing operational resilience which is a business’s ability to continue its critical functions and deliver services in the face of various disruptions. This is particularly important for insurance companies and to achieve this they will need to move beyond focusing on digital defences and look to foster a culture that anticipates and mitigates threats as they evolve. A robust cybersecurity infrastructure is the cornerstone of this resilience, serving as the foundation for all other measures.

At the same time, these organisations need to be sure to run regular system updates which are part of the foundation to ensure that its defences are equipped to handle the latest threats. Employee training also plays a crucial role in improving an insurance company’s cyber resilience and thereby operational resilience as a workforce that can identify and respond to potential threats is a powerful deterrent against ransomware attacks.

Get ready for the recovery

However, as prepared as a company’s defences are, it needs to be equally prepared for recovery after an attack as in today’s environment, it is not a case of if but when an attack will occur. Beyond prevention, cyber resilience encompasses readiness for recovery. Having a comprehensive cyber incident recovery plan in place is critical for every insurance company. This plan serves as a roadmap for navigating the aftermath of an attack, detailing the steps that it must take to recover compromised data, restore operations and mitigate damage, including periodic cyber recovery simulations to improve overall cyber resiliency posture.

Regular immutable or tamper-proof data backups are a key part of this recovery process, particularly for insurance companies that manage vast amounts of customer data. Ensuring that a recent and clean copy of vital data is always available can significantly improve the chances of a successful cyber recovery. Similarly, having clear protocols and procedures for responding to an attack and continuously monitoring and improving these measures as the threat landscape evolves can help an insurance company not only manage the situation efficiently but also minimise downtime.

Cybersecurity brings long-term viability

Cybersecurity is not a short-term concern but a fundamental component of an insurance company’s long-term viability. Those who invest in robust cybersecurity measures are better positioned to survive and thrive in a digital age, improving their cyber and operational resilience and their ability to recover quickly. Those who neglect to address cyber security adequately are likely to experience devastating consequences, affecting their finances, reputation, customer trust and legal standing.

Insurance companies can enhance their operational security and demonstrate a strong commitment to customer and societal well-being by acknowledging the significance of cybersecurity and implementing robust protective measures. After all, cybersecurity is a crucial investment for the long-term sustainability and success of the insurance sector.

Sean Tilley is the Senior Director of Sales of EMEA at 11:11 Systems