Cyber War: Insurers Are Under Attack


Insurers collect a great deal of consumer data making them a prime target for cyberattacks. In fact, a report by Accenture found that insurers are hit with an average of 113 cyberattacks each year. One out of every three of those attacks results in a successful breach.  With those stats in mind, let’s take a look at three serious risks in the realm of cybercrime.

  • Foreign threats. According to Reuters, U.S. Director of National Intelligence Dan Coates has noted daily foreign attacks on federal, state, and local government networks. In his words, the threat of a “crippling cyberattack on our critical infrastructure” by a foreign actor is, at present, acute.
  • Hidden tunnels. Last month, the cybersecurity publication SC Media drew attention to a new industry exposure: “Sophisticated cyber attackers are using hidden tunnels to spy on financial firms and pilfer sensitive data and personally-identifiable information.” Disguised as encrypted web traffic, the use of these tunnels mimics and blends in with regular user behaviors – and the tunnels have been proliferating.
  • Spear phishing. This isn’t new, but it is big. With spear phishing attacks, victims are tricked into clicking on a link or email attachment, and when they do so, hackers can connect to their company systems and move through their networks. You may think your team is too smart for this, but that would be naïve. Even with full knowledge of phishing tactics, 56% of email recipients and 40% of Facebook users still clicked on links sent from unknown senders, says Property Casualty 360. The vast majority of data breaches begin with a spear phishing email. Until you prioritize cyber policies, training and monitoring, your employees will continue to unwittingly open doors for criminals.

This July, the National Association of Insurance Commissioners (NAIC) cited cybersecurity as “perhaps the most important topic for the insurance sector today.” Insurers are entrusted with vast amounts of personally-identifiable information and bear a public responsibility to keep it safe.

Three ways to be vigilant:

  1. Reduce human error. Educate your workforce on security basics: conduct system updates on time, don’t use unsecured devices, make sure every password is strong and unique, learn to recognize phishing attempts, and so on.
  2. Assume a breach will occur. Develop proactive methodology for monitoring and detecting breaches early. Many companies fail to detect a breach for months, allowing plenty of time for hackers to maximize damage. Document the policies and procedures you’ll follow if you experience a breach.
  3. Hire cutting-edge expertise. Most insurers believe that they have installed state-of-the-art cybersecurity and 72% say they have “completely embedded cybersecurity into their cultures.” Yet, the threat is always changing. Last month’s defense tactics won’t be as effective next month.

When it comes to cyber-preparedness, your work is never done. Neither is ours. That’s why Silvervine is proud to have completed the SOC 1 (SSAE 16) Type 2 examination. This confirms Silvervine’s commitment to create and maintain the most stringent controls needed to ensure the highest quality and security of services for their P&C insurance customers. To learn more about Silvervine 6.0, download our Momentum Brochure.