When it comes to data privacy and cyber security, the three industries that are generally seen as the most heavily regulated are healthcare, finance and insurance. We’ve already discussed healthcare and finance, so how are insurance companies contending with the growing threat landscape? All seems quiet on the cyber security front in the insurance industry, but don’t get too comfortable—complacence can be a killer.
Learn what to look out for to avoid a cyber attack in the insurance industry and how you can protect your business.
The New York State Department of Financial Services released a report on cyber security in the insurance industry that surveyed 43 insurers with assets exceeding $3.1 trillion. These insurers indicated that the industry may not be targeted to the same level as their counterparts in the finance or healthcare industry, but there’s still plenty to worry about.
Knowing What Attackers are After is a Huge Part of the Battle
Nearly everyone in the world carries some form of insurance, so it’s not surprising that it’s a large target for cyber threats. Insurance policies require a lot of sensitive personally identifiable information (PII) and protected health information (PHI), making them extremely valuable to attackers and highly damaging should they be compromised. The move to digital files has made this data far more vulnerable to cyber attacks.
How Often Do Breaches Occur in the Insurance Sector?
In the three years leading up to the survey, 35% of companies saw between 1 and 5 data breaches while 7% saw more more than 5. That may not seem like a lot, but the survey only accounts for successful data breaches—not the failed attempts.
Cyber attacks are launched everyday against companies of all sizes, but it’s clear that insurance companies have a handle on the cyber threat landscape. There may not be millions of successful attacks, but it’s only a matter of time before an attacker breaks through.
Knowing What Attack Vectors You’re Up Against
Insurers recognize malware and phishing attacks as the key threats to their organizations. These attacks can result in communications systems disruptions, account takeovers, stolen credentials and more. While these are dangerous threats in any industry, survey respondents say the losses have generally been less than $250,000.
While the frequency and cost of data breaches in the insurance industry don’t sound so threatening, times are changing. The recent Anthem data breach resulted in millions of compromised individuals and has prompted serious repercussions. If a data breach does occur, insurers need to be ready.
Insurers Aren’t Prepared for the Latest Notification Regulations
Insurers seem to have grown complacent, but this could end up causing them major issues. About 33% of insurers said that they felt it wasn’t necessary to notify users of their data breach. In the wake of the Anthem data breach, it’s clear that this won’t cut it anymore.
In fact, the National Association of Insurance Commissioners (NAIC) recently adopted the twelve Principles for Effective Cybersecurity Insurance Regulatory Guide. Insurers may feel safe from the losses other industries are suffering, but the Principles are going to kick their cyber-security programs into high-gear.
More than half of survey respondents claimed they were content with their current security systems and saw no reason to make changes. Cyber security requires constant modification and adaptation to keep up with hackers. Don’t let yourself become complacent just because you aren’t experiencing too many problems. To make sure your security systems remain on high alert, analyze 100% of your traffic by giving them access to network data with a network TAP.