Cybercriminals are repurposing attacks used against banks to target insurance companies. Learn how Isecurdata can help your insurance business to stay cyber resilient.
A White Paper by KPMG revealed that Insurers confidently deal with massive risks daily but are lagging when it comes to cybersecurity compared with other financial services sectors. Hence, the question remains, why are cybercriminals after insurance companies?
It’s amazing how cybercriminals are repurposing attacks used against banks to target other related institutions such as insurance. With the battle ongoing between banks and cybercriminals to secure online banking channels and counter fraud; cybercriminals now direct their attacks against other financial services sectors.
Recent Insurers Security Incidents
CNA Financial Corp., one of the largest insurance companies in the US., paid $40 million in late March of 2021 to regain control of its network after a ransomware attack. The ransom was paid to the hackers about two weeks after the company’s data was stolen.
In June of 2021, Arthur J Gallagher & Co, aka AJG, a global insurance brokerage reported a ransomware attack that affected information related to certain individuals and the attack was preceded by three months of persistent access by the hackers that AJG was unable to detect.
May 2021, AXA’s Asian branch suffered a ransomware attack at the hand of Avaddon Group, an attack that disrupted business and compromised customers records in four countries – Thailand, Malaysia, Hong Kong and the Philippines.
Why Insurance Companies are Targeted
Cybercriminals have come to recognize that insurers have a huge amount of personally identifiable information (PII) about people, which is highly attractive to fraudsters and identity thieves.
Furthermore, cybercriminals know that they will have access to social security numbers, bank verification numbers, customer credit card and payment data with other data like addresses, date of birth and health information.
Cybercriminals are after these PIIs because the information is very valuable and gives plenty of opportunities for cybercriminals to succeed. The success comes from when the information gotten is being sold on the black market or used to advance other sophisticated attacks of greater gain.
Most of the attacks reported by insurance companies to date are characterized by system compromise with specific information stolen. In the above-enumerated security incidents that hit insurance companies recently, one thing that is common with them is data theft.
Consequently, cybercriminals are after the data insurers possess. Stolen data can be used for identity fraud, fraud perpetration for financial gain, sold on the black market or to further greater cyber-attacks.
However, these losses on insurance firms can result in severe and significant damages such as fines, legal fees, lawsuits and fraud monitoring costs.
Insurance companies must implement a holistic cybersecurity program that is capable of reducing cyber risks and protecting them against security breaches with sustained cyber resilience support.
At Isecurdata, we are specialised in IT managed services and optimum cybersecurity solutions. With over thirty years of IT Security experience, we can help your insurance company to implement a holistic cybersecurity program and help you stay cyber resilient.