Widely sought after by companies, especially large American corporations, for financial protection against cyber crimes, insurance companies are becoming a preferred target of cyber criminals, precisely because of the wealth of personal, medical, corporate and other confidential information they store and can be monetized after a data breach.
This year, several insurance companies were targeted, such as Sun Life, Prudential, New York Life Insurance and Genworth Financial, among others, all victims of the cyber attack on the MOVEit file transfer software. In June, for example, Sun Life was the target of a breach through an attack on its vendor Pension Benefits Information LLC. A month earlier, in May, Prudential had more than 320 thousand customer accounts breached, while New York Life Insurance had 25.7 thousand accounts affected in the same period. Genworth Financial suffered a breach that affected up to 2.7 million customers.
In addition to MOVEit, other common ransomware attacks have also targeted the insurance industry. Point32Health, the holding company for Harvard Pilgrim Health Care and Tufts Health Plan, was hit by a ransomware attack in April, while Nations Benefits reported falling victim to the Clop ransomware gang. The largest attack in the US on an insurance company compromised 9 million patients of Managed Care of North America (MCNA) Dental, the victim of a LockBit attack.
A report from consultancy Deloitte notes that cyberattacks on the insurance industry are growing exponentially as insurers move to digital channels in an effort to create closer customer relationships, offer new products and expand their share of customers’ financial portfolios. . “This shift is driving increased investment in traditional IT systems, for example policy and claims systems, as well as in highly integrated enabling platforms such as agency portals, online policy applications, and web- and mobile-based applications. for filing complaints.”
According to the consultancy, as insurers find new and innovative ways to analyze data, they must also find ways to protect data from cyberattacks.
The reasons insurance companies are now in the hot seat are varied, but a few stand out, notes Deloitte. One of them is insurance apps. “The amount of corporate data that appears in an insurance application can be a bonanza for cybercriminals,” said Marc Schein, national co-chair of the cyber risk practice at insurance broker Marsh McLennan Agency, in an interview with the cybersecurity website DarkReading.
According to him, the applications include a wide range of potentially useful information, including how much insurance a company is, as well as some of the deficiencies a company may have in its network security. Other insurance products, such as customer or directors and officers policies, can provide valuable information about business secrets and transactions.
But experts warn that it’s not just insurance customers who need to evaluate their cybersecurity infrastructure. Companies also need to look for ways to better protect their own data, as recent data from large insurance companies in the USA clearly show.
Source: CisoAdvisor
