Four Ways Insurance Companies can Improve Cybersecurity

Key Points 

With cybersecurity threats constantly looming and the costs of data breaches becoming increasingly expensive, insurance companies should develop holistic approaches to security management across their entire organization. 

While the nature of specific threats can change by the day, insurance companies should follow guiding principles in order to cultivate a security-conscious culture in the long term, particularly as remote work becomes more widespread. 

Cybercrime is one of the biggest threats that insurance companies will face, particularly since distributed workforces became the norm during the COVID-19 pandemic.

Prior to the pandemic, cybersecurity threats faced by insurance companies had already been growing and evolving at an alarming rate. This has been spurred by many factors, including the internet of things (IoT). While the IoT presents opportunities for insurers, it also exposes security gaps. The severity and frequency of cyber-attacks are likely to increase.

Insurers must commit to protecting sensitive customer information in a compliant and reliable way. The cybersecurity threat is huge. It is time for insurance companies to reboot their approaches to cybersecurity. 

The rise of remote work during the COVID-19 pandemic has amplified cybersecurity risks within the insurance industry 

Common cybersecurity threats facing the insurance industry 


Cyber extortion is becoming an increasingly common problem. Some types of ransomware attacks are so effective that victims may be forced to meet the attacker’s demands and pay a hefty ransom to get their systems running again.

Automated threats 

Credential cracking, vulnerability scanning, bad bots, credential stuffing, and denial of service can potentially shut down a company’s systems quickly.    

Identity theft and loss of confidential data 

Identity theft may result when system vulnerabilities lead to data breaches. For instance, files stored on a firm’s local servers may not be protected adequately. Insurers collect and store sensitive personal client information. This information can be particularly valuable for attackers to sell on black markets, where it can be used as a tool for fraud, extortion, unauthorized borrowing, and many other financial crimes.

Business disruption and reputational damage 

Cyber-attacks can seriously disrupt business. For instance, a cyber-attack on Sony Pictures erased its computer infrastructure, including telephone directories, emails, voicemails, and business records like contract templates. A malicious attack like this on an insurer could disrupt operations for months. 

The foundation of any insurance business is policyholder trust. If an insurance company were to suffer a data breach exposing policyholder information or a cyber-attack that renders it unable to conduct normal operations, that trust would be shaken. This, in turn, can lead to reputational damage that may negatively affect the confidence of investors, consumers, policyholders, and rating agencies. 

Four tips for boosting digital security in insurance: 

Assess your defense capabilities realistically 

Pressure-testing the insurance company’s defenses can determine whether they can repel targeted, high-impact attacks, external or internal. This includes vulnerability assessments, testing programs, penetration tests, and scenario-based testing. Consider hiring a cybersecurity firm to test your defenses.

Invest in early detection 

Insurers need to continually invest and innovate to thwart potential attackers. Early detection is crucial. Otherwise, a cyber-attack can sit undetected for weeks. 

Efficient and quick detection and response will help determine the source of the attack, the systems targeted, and the attack's extent and cause. Then, the threat can be neutralized before damage is done. Insurers need to invest in technology. There is a wide range of software solutions that provide real-time threat detection.

Make cybersecurity everyone’s job

While implementing sophisticated systems will reduce external threats, insurers tend to neglect internal threats such as human error, which could include revealing customer data in response to a convincing phishing email. Cybersecurity awareness among employees can significantly decrease the risk of cyber-attacks resulting from human error. 

Alert employees can provide early detection. An Accenture survey found that up to 98% of security breaches that are not detected by a firm’s security team are discovered by employees. 

Learn from the past and evolve 

Effective cybersecurity requires insurers to learn from previous cyber incidents and use those lessons to improve planning and technology investments. Solutions include:

  • Upgrading systems: using previous-generation or unpatched security software provides easy fodder for cyber attackers. Speak to your IT consultant about upgrading your systems.
  • Migrating systems to the cloud: the cloud offers users a wide range of compliant and secure storage solutions. Choose a cloud provider that offers the highest possible security.
  • Implementing appropriate security software, protocols, and appliances: this will effectively shield data and systems from automated threats.
  • Establishing a disaster recovery plan: despite all efforts, systems can be breached. Have a detailed, up-to-date plan so that you can respond effectively to any problem, major or minor.

Cyber-crooks are relentless and determined. Security is an ongoing battle. You can’t afford to let down your guard for a second. Staying one step ahead of hackers takes constant effort.

About the author

Author Mike de Waal

Award-winning, results-driven, and experienced leader with a passion for innovation, technology, and the employee benefits industry.