Arrow back

Cyber risks: what are the impacts on the insurance industry?

03 March, 2022

To fail to plan is to plan to fail, and so every organisation is in a constant state of planning for both the best and worst-case scenarios.

Increasingly, cyberattacks are a significant risk to businesses across all industries but particularly the finance sector, including insurance providers. The COVID-19 pandemic has accelerated digital transformation projects for many companies, who have relied more on digital solutions during this time than ever before.

However, the insurance sector has seen heightened threat levels. So why is this the case, and what is the impact on the industry? Join us as we break down the facts and figures.

Why finance and insurance are high risk for cyber attacks

Finance companies are at a higher risk of being targeted with cyberattacks owing to the large amount of personal data, including financial data, that they process. Insurance companies will gather substantial information from policyholders to calculate the risks and premium prices.

In addition to collecting name, address, date of birth and bank details, insurance companies hold data such as car registration and value, property, and possession details.

This data is collected so that the insurance underwriters can assess the level of risk and set the premiums at the right price, to try to ensure that the company makes a profit. Where there’s sensitive data, however, there are criminals looking to steal it.

With most insurance companies now offering online services, some companies are even operating completely online, the opportunities for hackers have significantly increased from when the majority of transactions happened in a branch or over the telephone.

The same connectivity that allows employees to access company systems from home, or from different locations around the world, has increased the potential for a data breach.

Ransomware attacks have become a growing concern for insurance companies. Last year, an incident in the US forced CNA Financial Corp. to pay $40 million to regain control of its network. Hackers locked the company out of its system for two weeks, causing massive disruption before finally deciding to pay the ransom money.

Another high profile cyber-attack took place in 2015 targeting Anthem Insurance Companies, which exposed the records of almost 80 million customers. Not only did the organisation have to pay $260 million for security improvements and remediations, they also had to pay out $115 million in lawsuits from customers.

What can insurance companies do to protect their business and policyholders?

When a cyberattack targets an insurance company, there are a number of negative consequences. Policyholders can become identity theft victims. In the case of ransomware disruption, the insurance services that policyholders have paid for are not available when they need them - as the company cannot access the necessary policy data to resolve claims.

When the systems are unavailable, the cost to the business is profound. They may end up paying a ransomware release amount in the millions, just to gain control of their systems again. Add this to the compensation that will have to be paid to customers, and you can see how the cost quickly mounts up.

In addition to these costs, data breaches are a significant threat to the reputation of your business. An astonishing 70% of people would stop doing business with a company that experienced a data breach.

As a result, it’s crucial that businesses in the insurance sector and beyond must invest in their cybersecurity strategy to keep their systems as well protected as possible.

The key to a successful cybersecurity strategy is the understanding that the risk of cyberattacks must be owned across the business. For cybersecurity experts cyberattacks are not considered to be an issue simply for IT, but the responsibility of every employee. Developing a culture of cyber awareness within our employees is by far the best protection for any organisation and should be developed through regular, engaging training.

At Bob’s Business, we build innovative, engaging cybersecurity awareness training solutions with industry high engagement rates. Make sure your employees are getting tailored cybersecurity training fit for your insurance organisation, book your free consultation with a Bob’s Business expert to find out more about our highly effective training solutions.

Back to resources

Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.

Girl with laptop
Boy with laptop
man and woman with laptops
Global Cyber Alliance