In June, four major insurers,
Unlike ransomware tactics, this recent wave of cyber incidents focused on data exfiltration, using social engineering and credential theft to access systems. This type of attack is not only faster to execute but also harder to detect, particularly if there's no immediate malicious activity apart from unauthorized access.
Why insurers are in the crosshairs
Insurance companies possess a goldmine of sensitive personal and financial data that can be lucrative to attackers. Once they gain access to systems and data, malicious actors can use their access for extortion, to sell data, or to launch further attacks. Insurers' increasingly digital operations contribute to elevated risk.
Today's complex digital insurance ecosystems include many third-party services that support sales, claims, underwriting, customer service, and other key business functions. The integration among these systems creates a wide attack surface. A breach anywhere can quickly compromise others across the ecosystem. According to
Rapid adoption of artificial intelligence (AI) is also a factor. Many organizations haven't developed enough expertise to secure AI models that analyze internal and external data, potentially allowing users to access information they shouldn't have.
Six essentials for strengthening your cybersecurity posture
1. Plan and prepare rigorously
Protection from cyber risks begins with strong incident response and business continuity planning developed with the same rigor as preparations for a natural disaster. A plan should clearly define actions and responsibilities for the first hours, days, and weeks following the discovery of a breach. It is vital to prioritize processes and supporting systems for recovery. Grouping processes and systems into tiers helps focus efforts where they are most needed.
Planning should encompass not only operational continuity but also reputational risk. The quality, timeliness, and openness of response will go a long way toward determining the long-term consequences. Processes for notifying and safeguarding customers such as providing credit monitoring or identity theft coverage should be ready to implement. Waiting to formalize a response plan until after an incident occurs is too late.
There are several areas where preparation efforts often fall short. In many cases, IT/cyber or business teams develop plans within their own operating silos. To ensure proper prioritization, this must be a collaborative effort with full IT and business participation. Furthermore, many organizations develop a cyber-attack plan and then set it aside, only revisiting it if an incident occurs. Regular exercises and drills are essential for maintaining readiness. Finally, since the threat landscape is constantly changing, it is vital to conduct regular risk assessments and update plans accordingly.
2. Know your assets
Every company should maintain a real-time inventory of systems, data flows, and third-party connections. This information supports planning and is a critical resource when quick action is required. Because digital transformation moves fast in most companies, assets are constantly changing, so make sure your inventory is up to date.
3. Prioritize data governance
Comprehensive data governance includes classifying data, implementing and enforcing protections like encryption, and deploying suitable data loss prevention tools. If an intruder leverages an employee ID, effective data governance helps control the intruder's degree of access.
Data governance becomes especially important as AI use increases. Make sure you have the fundamentals in place for using AI securely before accelerating adoption.
4. Monitor continuously
Monitoring should include advanced logging, anomaly detection, and continuous threat hunting. You should be able to identify patterns that deviate from expected behaviors, for example, an employee ID acting in a way that is inconsistent with the associated role.
While the business's use of AI increases cyber risk, AI can also improve monitoring through faster and more effective trend analysis.
5. Tailored training for frequently targeted roles
Recent incidents highlight a critical vulnerability for insurance companies: the ability to access actual employee identities to infiltrate systems. Attackers are using sophisticated methods, such as impersonating employees, to target help desk staff. Finance and HR teams are also frequent targets because of the sensitive data they manage.
Although cyber awareness programs are standard, many organizations do not provide sufficient or tailored training for those at the highest risk. Advanced training should focus on understanding vulnerabilities, recognizing warning signs, and taking appropriate actions.
6. Increase the rigor around third-parties
Insurers recognize the importance of thorough third-party assessments, but many could improve their efforts. This process should include due diligence before establishing the relationship and continuous evaluation thereafter. It's essential to understand these parties and how they manage their environments: Who has access to your systems, environment, or data, and how do they vet employees? What security controls do they have in place?
Not all partners pose the same level of risk, so categorize third-party relationships into tiers based on their risk level and access. Tiering ensures you can focus your resources where they are most needed.
Don't hit snooze
Insurers are primary targets for malicious actors. With a responsibility to protect high volumes of sensitive data, you cannot afford to defer action.
The cyber risk environment will only become more complex, as new players and tactics emerge, state privacy laws and reporting rules shift, and regulation and government oversight increase. Insurers that adopt proactive security measures and build resilience into their systems today position themselves to minimize the impacts of future incidents and effectively safeguard their business and customers.
