Insurance companies are focused on helping their clients defend against possible risks, but it’s crucial for insurance organizations to consider new and emerging risks to their own businesses as well. A recent report found that 82% of the world’s largest insurance organizations are at risk for a phishing attack, so there is a clear and present threat. Insurance companies must begin to consider cyber insurance as a fundamental coverage to stay ahead of ever-evolving digital threats.
Common Attacks on Insurance Companies
Awareness is a great first step in understanding and protecting against possible threats. Here are some of the most common ways cybercriminals attack insurance companies.
Fraudulent Funds Transfer
Fraudulent funds transfer occurs when someone pretending to be a person you know or a company you’ve worked with tricks you into sending funds to the criminal’s account number.
Ransomware
Ransomware is a form of attack where a hacker gets access to data or information and then encrypts it until a ransom is paid, often with additional threats to destroy it forever or release it publicly.
Malware
Don’t click that link! Malware attacks happen when you receive a link that may initially look secure but downloads a virus that allows hackers to access your systems and data.
Phishing
Phishing attacks mimic a trusted person or organization and then send you to a link to log in or provide your credentials. Once they have your credentials, they can access and take control of your account.
Personal Identifiable Information Accelerates the Risk of Cyber Threats
Cybercriminals are always looking for targets that provide easy access to data, and insurance companies know they fit the bill. One survey found that 100% of underwriters said ransomware and supply chain attacks are their top concerns.
Every type of insurance company collects and maintains personal information on their clients, which cyber criminals view as a potential goldmine. Hackers know that insurance companies can’t afford downtime, so they hit companies where it hurts. Many companies are likely to pay the ransom simply to keep their business operational and to retrieve stolen personal information.
The biggest disclosed ransom paid by an insurance company was a $40 million payment paid by one of the largest insurance companies in the United States. While average payments are in the hundreds of thousands, those still represent a damaging and potentially dire financial consequence for insurance companies of any size, not to mention the more hard-to-quantify effects, such as reputational damage and loss of consumer trust.
Good News: There’s Insurance for That!
Cyber Insurance is part of a comprehensive insurance strategy, as it provides a safety net in the event of a cyber attack. This type of insurance is highly specialized and tailored to the unique needs and risks of your business. For example, a health insurance company has access to different PII than a property and casualty company, but both need significant coverage.
The eSpecialty team has extensive experience in helping companies navigate their cyber insurance needs. Get started today to put our expertise to work for you!