Since 2016, the finance and insurance industry has consistently ranked first in the top 10 industries that are attacked the most by cybercriminals. The number of cyberattacks in the insurance sector, specifically, has grown exponentially. Even the sector’s giants fell victim to cyberattacks in 2020 and 2021:
- Cybersecurity insurance provider Chubb was hit by the Maze ransomware group.
- CNA Financial was attacked by the Phoenix CryptoLocker ransomware.
- AXA’s Asian division was targeted by the Avaddon ransomware group.
- Global insurance brokerage AJG suffered a ransomware attack.
So why are cybercriminals target insurance companies? Here are four common reasons:
Insurance companies handle sensitive data
Nearly every American has some form of insurance, and insurance companies collect, store, and transmit large amounts of data about their policyholders, including:
- Personal information – names, addresses, contact numbers, Social Security numbers
- Financial data – income and employment details, bank statements
- Health records – lab test results, medical history, doctor’s reports
This wealth of valuable information about the insured population makes insurers an attractive target for cyberattacks. If cybercriminals get hold of such data, they can use it to commit theft or identity fraud, or launch more targeted attacks like spear phishing.
Big data and advanced analytics are unlocking high-value customer insights
Given the large amount of data that insurers collect and generate, many of them are looking for new and innovative ways to analyze data. They leverage big data and advanced analytics to better understand customer behavior, predict the outcome of claims, and inform policy issuance decisions. If such customer insights fall into the hands of cybercriminals, these could be used for illicit gain. Unfortunately, insurance companies often fall short in terms of implementing more effective measures to secure data and insights from cyberattacks.
Related article: 4 Disruptive technologies in the insurance industry
Many insurers have shifted to digital channels
Over the years, many insurance companies have invested heavily in IT. Aside from improving their traditional core IT systems (e.g., policy and claims systems), they have also introduced new digital platforms, such as insurance agents’ portals, automated policy quoting websites, and mobile apps for filing claims.
These IT investments have enabled insurers to reach more potential customers, fast-track the application process, streamline services, and boost customer satisfaction, among many other benefits. However, these digital channels have also introduced new entry points that cybercriminals could use to infiltrate insurers’ IT systems.
For example, threat actors could infect an insurer's web-based quotation portal with malware that steals the personal information people submit during the insurance application process. They could also launch credential stuffing attacks wherein they use stolen login credentials to access agents' accounts and steal client information.
They often have weak security defenses
Insurance companies tend to update their client-facing tech but fail to do the same for their legacy backend systems. Legacy systems are more susceptible to cyberattacks since they have outdated security protocols or lack sufficient encryption methods or audit trails. They are also often incompatible with modern security measures, such as multifactor authentication, single sign-on, and role-based access control. What’s more, the shortage of cybersecurity professionals makes it difficult for insurance companies to employ internal IT security staff.
In comparison to the other sectors in the financial and insurance industry, the insurance sector is a more vulnerable target. High-profile sectors like banking already have robust cyber defenses, making them far more impenetrable. As a result, cybercriminals have shifted their attention to insurance companies, which have yet to boost their cybersecurity measures.
You never have to worry about additional cybersecurity risks when you partner with Record Retrieval Services. We have multiple effective HIPAA-compliant security measures in place, so you are guaranteed safe online access to our record portal. Get in touch with us today to learn more.