For some time now, I and others have been warning the insurance industry that we are vulnerable to cyber-attack, and that such attacks could be disastrous to our reputation as a trusted, rock-solid backup to accident and loss. Now, however, it appears that at least one segment of the hacking community is really just doing their break-and-enter act for entertainment. If that’s so, then our industry has little to fear.
According to an online posting from
Anonymous, says the posting, teamed up with the Lulz Security group of hackers late in June. LulzSec, which gained wide recognition for breaching the websites of Sony Corp, the Central Intelligence Agency and a British police unit among other targets, said it had accomplished its mission to disrupt corporate and government bodies for entertainment (italics mine).
Why is this good news for insurance? The answer is that if the purpose of these hacks is to entertain the perpetrators and their friends, there really isn’t too much mojo to be gained by cracking an insurance company. Surely in the status hierarchy of these crackers (“malicious, annoying people who get cheap thrill out of cracking computer codes, and breaking into systems” according to
It is certainly no secret in our industry that outsiders view us with downright boredom, unless of course there is a claim involved. By definition, a cyber-break-in achieves notoriety based to a great degree on the stature and entertainment value of the victim. If I beat my 75-year-old arthritic accountant at tennis, you probably won’t be terribly impressed, but if I beat Roger Federer (just a fantasy, I assure you), that would undoubtedly boost my personal tennis stock. So if you want to build a reputation as a top-of-the-line cyber-meddler, other industries than insurance would seem to be more appealing targets.
But let’s not get carried away with these comforting thoughts. There are still plenty of cyber-criminals out there who are doing their nefarious deeds for profit and profit only. From that point of view, insurance is just as likely a target as any industry, especially because we deal with sensitive data and often financial information. With that in mind, prior warnings about vulnerability are still very much viable, and defenses, both physical and policy-based, are advisable.
Ara C. Trembly (
Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.
This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.
The opinions of bloggers on