Insurance Companies are New Targets for Cyberattacks
Insurance products provide a haven of security for customers, but who is there for the insurance companies themselves in a time of need? Recent events point to an unsettling trend of targeted cyber-attacks against insurance companies that are causing major disruptions in the industry.
Cybercriminals have set their sights on insurance companies’ digital properties, launching sophisticated and crippling attacks to exfiltrate data. Examples of the criminals’ techniques include:
- Infiltrating carriers’ automated quoting websites to steal customers’ non-public information (NPI).
- Exploiting legitimate web tools to access customer data in transit from third-party data providers that populate the carriers’ sites.
- Compromising agent-only websites using “credential-stuffing” attacks to gain access to customer data.
These events leave a long trail of victims. In addition to causing major disruption and distress to the insurance company, the stolen customer data is used to perpetrate fraud and other forms of identity crime against individual insurance agents, prospects and policyholders.
Digital Transformation Made Insurance a Cyber Target
Unfortunately, it is the insurance industry’s efforts to strengthen customer relationships and deliver modern digital service that have introduced new forms of cyber risk. As the industry increases digital investments and becomes more innovative, thieves and fraudsters are awakening to new opportunities to seize upon vast amounts of personal information that most often the insurance company has purchased to speed up the customer acquisition process.
As an industry that strenuously avoids risk, insurance companies are in a difficult spot. Digitization is essential for meeting customer expectations for convenient, streamlined service and to expand insurers’ reach and customer base. To effectively manage the new arena of cyber risk, partnership with cyber experts can help insurers safely modernize.
Proactive Cyber Services Enable Swift Incident Response
Cyberscout, a Sontiq brand, is a trusted cyber partner in the insurance industry. In addition to providing the marketplace with progressive cyber products, Cyberscout offers incident response services that give insurers swift access to an experienced response team. In the wake of the recent insurance industry attacks, Cyberscout has deployed a variety of tools and services to restore systems, field calls from customers, conduct forensic investigations and retain customer trust.
Tips to Reduce Hacking Risk on Insurance Quoting Websites
Cyberscout recommends that insurers take the following immediate actions to reduce cyber risks, and to reach out to learn more about how to enlist Cyberscout’s cyber services.
- Disable display of third-party NPI data on public-facing sites
- Ensure APIs are not directly accessible
- Install a web application firewall
- Implement CAPTCHA
Learn more about Sontiq’s Cyberscout and the innovative solutions for Commercial and Personal Cyber protection and Cyber Claim Resolution.
Insurance industry targeted in latest threat by cyber criminals using carriers’ automated quoting website to steal customers’ non-public information.