Cybersecurity Concerns: Rapidly Increasing Risks
Earnix Team
February 26, 2024
- Transformation
As cyberattacks continue to rise, they affect virtually every industry, but in many ways, cyber threats are especially worrisome in insurance. The amount of confidential information that appears on an insurance application is extremely appealing to cybercriminals.
Additionally, insurance companies understand they are attractive targets for cybercriminals looking to access sensitive customer information, disrupt operations, or extort money. Ransomware is still a top threat, but data breaches, the sale of policyholder data, and even state-sponsored attacks all present real security risks.
These trends were supported by our research findings from our 2023 Industry Trends Report: Insurance Operations in a Changing Industry research report. When asked what factors have had the most significant impact on insurance operations in the last two years, 40% of survey respondents named “growing cybersecurity risks” as their top concern.
Additionally, 24% of actuarial and pricing executives ranked cybersecurity risks as their most important trend.
With this feedback, it’s not surprising that survey participants believed that cybersecurity risks would have the most significant effect on insurance operations in the next two years. This was the top factor cited, ahead of other macroeconomic factors such as AI developments, climate change, and even inflation.
Their concerns are well-founded. According to Deloitte, “Cyberattacks in the insurance sector are growing exponentially as insurance companies migrate to digital channels in an effort to create tighter customer relationships, offer new products, and expand their customers’ financial portfolios.”
Unfortunately, there have been a number of successful cyberattacks against insurance companies in the last few years:
Anthem data breach:
Anthem, one of the largest health insurance companies in the United States, suffered a massive data breach that compromised the personal information of nearly 78.8 million individuals. The attackers gained access to names, birthdates, social security numbers, and other sensitive data.
AXA:
2020, the Avaddon ransomware group claimed responsibility for an attack on AXA, a multinational insurance company. The attackers stole sensitive data and threatened to release it unless a ransom was paid. The incident highlighted the growing trend of ransomware attacks targeting large corporations, including insurance providers.
CNA Financial:
CNA Financial, a major insurance company in the United States, experienced a ransomware attack in March 2021. The attackers, believed to be part of the Phoenix CryptoLocker ransomware group, demanded a ransom in exchange for decrypting the affected systems and not disclosing stolen data. The incident underscored the impact of ransomware on the insurance sector.
Equifax:
While Equifax is a credit reporting agency – not an actual insurance company – this breach is relevant due to its impact on insurers. The breach exposed the sensitive personal information of approximately 147 million people. Insurers rely on credit reports for underwriting, and the breach had implications for the broader financial industry.
The frequency and sophistication of cyber threats is on the rise, leaving insurers with real questions and concerns about how to protect themselves against significant risks and potential financial losses associated with these growing cyber threats.
Legacy Technology Increases Vulnerability
Clearly, insurance carriers realize they need to do more to protect personally identifiable information (PII) and comply with increasingly stringent data privacy regulations. This is critical as they move to a growing number of digital channels. They must also assess their customers’ overall cybersecurity risk in order to minimize this risk, develop better insurance offers, and underwrite cyber insurance policies.
Some insurers may be more vulnerable than they think. Continued reliance on legacy systems may leave many of them at risk of a growing number of cyber threats. Replacing outdated IT infrastructure with more modern insurance technology can help address these security gaps, and help insurers stay one step ahead of cybercriminals.
The Technology Edge
As the insurance industry grapples with escalating cybersecurity concerns and risks, embracing modern technology is critical to protecting sensitive data and maintaining trust. Innovations in analytics, machine learning, and collaborative platforms offer insurers powerful tools to proactively assess and mitigate cyber threats and reinforce the resilience of their digital ecosystems.
To help insurance executives understand new changes in the insurance industry, Earnix engaged the Market Strategy Group, LLC to conduct a comprehensive independent research survey. Our report, “2023 Industry Trends Report: Insurance Operations in a Changing Industry” summarizes key findings to show how other insurers are thinking about and reacting to so much change.
