Insurance companies not only assist other businesses in managing their cybersecurity risks, but they also grapple with cyberattacks directed against themselves. As cybersecurity risks increase, heightened vigilance becomes critical.
Some industries are more tempting targets for hackers than others, even though no industry is safe from cyberattacks. Companies possessing a wealth of valuable data that can be monetized and those willing to meet substantial ransomware demands are frequently targeted. Both the financial and insurance industries typically have a treasure trove of personal, health, and confidential data that makes them prime targets for cyberattacks.
This may explain why cyberattacks against these sectors increased in 2022 even as most industries experienced a slight reprieve from such incidents. According to Abnormal Security1, ransomware attacks against the financial sector (including insurance companies) increased by 75% year over year in the first quarter of 2022, mainly due to LockBit attacks against small accounting and insurance companies. LockBit ransomware encrypts and locks critical data, making it inaccessible to the victim.
According to the IBM Security X-Force Threat Intelligence Index 20232, the combined finance and insurance sector was the second most frequently targeted sector in 2022, comprising 18.9% of all attacks, just behind the manufacturing industry which held the top spot.
Not all ransomware attacks make headlines. However, some large attacks against insurance companies have recently garnered media attention:
The increase in frequency and severity of data breaches and ransomware attacks have raised concern. According to the 2023 Travelers Risk Index, 54% of participants believe it’s inevitable that their businesses will experience a cybersecurity incident.7 In an interview with Digital Insurance8 in November, Tim Francis, enterprise cyber lead at Travelers, discussed the changing risk landscape and the shift to a more dangerous level of ransomware attacks. When fully deployed, these attacks will essentially encrypt and disrupt the entire operating system, causing impacts that are much worse in terms of their longevity and financial impact.
Corvus Insurance’s latest Global Ransomware report indicates a 95% increase in ransomware activity year over year from Q3 2022 to Q3 2023.9 According to the IBM 2023 Cost of a Data Breach report10, the average cost of a data breach increased 2.3% to $4.45 million per event. Their research also revealed that 37% of ransomware victims studied did not involve law enforcement in ransomware attacks and ended up paying, on average, $470,000 higher breach costs than those that did.
Businesses cannot afford to be complacent about cybersecurity. Attacks have evolved and security measures need to keep up. Per the Travelers Risk Index7, 90% of businesses report confidence in implementing best practices to prevent or mitigate cyberattacks, yet at least 25% have not implemented basic prevention measures, such as firewall/virus protection, data backup and password updates. Maintaining offline backups of critical data can help businesses recover from a ransomware attack without giving in to demands. Travelers’ Tim Francis suggests that at a high level businesses need to at least use endpoint detection and response (EDR), multi-factor authentication (MFA), and develop a comprehensive incident response plan (IR).8
Insurers that store sensitive personal data can be prime targets for hackers. Having sensitive payment data in your system increases your security risks and your compliance burden. One Inc takes cybersecurity seriously. We adhere to industry-leading security requirements that reduce your risk of exposure, simplify your network security and compliance practices, and help to protect your policyholders from payment data theft. As a Nacha Certified Third-Party Sender, we have met rigorous standards for risk management and compliance, demonstrating the strength of our corporate controls.
Sources:
Tags: Security
The One Inc Content Team strives to provide valuable insights about digital trends and payments innovation for the insurance community.