Preparing the Insurance Sector for Cyber Attacks

In recent weeks, an Australian health insurer, Medibank, made global headlines after falling victim to a cyber breach. The attack resulted in the names, addresses, dates of birth, phone numbers, email addresses, and health records published on a dark web forum. Almost 10 million customers, including the Australian prime minister, were impacted by the Medibank privacy breach after the firm refused to pay a ransom.

Cyber attacks against insurance companies are considered a top global risk for the financial sector and a continuing risk for the economy. Cyber threats within the financial sector mostly affect insurers, payment institutions, and credit unions.

As other financial sectors become more secure, attackers are well aware of insurance lagging behind other financial services sectors, with cyber attacks on insurance companies beginning to grow in frequency and severity.

Why Are Insurers Vulnerable to Cyber Attacks?

Financial institutions are more heavily relying on digital and remote solutions to perform daily operations. While this has brought along benefits, the increasing reliance on digital solutions has also heightened the risk of cyber attacks.

While the insurance sector is best placed to understand risk better than any other industry, insurance groups are a natural target for cyber attacks due to the substantial confidential policyholder data they hold. In contrast to other sectors, insurers typically collect considerable amounts of protected personal sensitive information that attackers can exploit for financial gain.

Besides immediate financial loss, consequences suffered by insurers following insurance-sector cyber attacks include the disruption to business, policyholders and third parties. Cyber incidents can also result in severe and long-lasting operational issues, alongside having a direct impact on all policyholders.

Cyber Threats to the Insurance Industry

Insurers are seeing an alarming spike in malware and attempted attacks, with cyber security risks considered the main trigger of other threats.

A key trend we have seen is attackers threatening to share compromised files across the web for further misuse by other criminals unless a ransom is paid. This has proven to increase pressure on victims to pay a ransom, given the potential risks of losing customer confidence and the legal/regulatory implications of exposing data.

In particular, those providing cyber insurance coverage have proved to be prime targets of ransomware, with attackers able to obtain policy details and the security standards of their customers. Companies with cyber insurance coverage are often identified by attackers as more attractive targets due to the perception that policyholders are more likely to pay ransom amounts if their insurer covers them.

The maximum ransomware amount that a cyber insurance policy covers is another crucial detail of insurance policies, with attackers taking this into consideration when calculating a ransom figure.

Preparing the Insurance Sector Against Attacks

Insurers are facing a spate of attacks from individuals testing their security measures for vulnerabilities to exploit. Having individually tailored security policies in place should be a business priority for insurers, alongside appropriately managing cyber and IT risk with active risk management to reduce the likelihood of attacks.

Ongoing training, upskilling, and keeping pace with new developments and threats to insurance companies will enable security teams to take action and mitigate the risk to insurers.

Our training pathways explore high-level offensive and defensive security content, allowing security teams to stay on top of emerging threats and advances in the industry, and are perfect for the entirety of insurance teams.

TryHackMe consists of over 560 real-world training labs to teach these topics in-action, arming your team with the knowledge needed for defensive security operations.