The insurance industry is keenly aware of the fallout from cyberattacks. After all, insurers provide coverage for some of the largest players in other sectors, who may be particularly prone to scammers and fraudsters intent on disrupting business and stealing either data or money. But how much is the insurance industry doing to protect itself against attack, and how will the current economic situation affect the ability of insurers and insurtechs to fend off cyber events?
What cyber threats should insurtechs be aware of?
The most common threats to insurance carriers and insurtechs include email phishing scams, ransomware attacks, data exfiltration and distributed denial of service (DDoS) attacks. Insurance companies hold vast amounts of personal data, including sensitive financial data, meaning that any cyberattack could potentially have catastrophic consequences both for them as an organisation and for their customers.
It’s no surprise that the finance and insurance industries are a target. As well as the potential for unmitigated data losses, certain types of cyber events, like malware infections and DDoS attacks, have the potential to cause massive disruption to financial institutions and leave customers without access to services.
The state of the cyber threat landscape in 2022
According to the IBM Security X-Force Threat Intelligence Index 2022, server access attacks were the most prevalent type of attack targeted at finance and insurance organisations in 2021, accounting for 14% of all attacks. The relatively low percentage, despite it being the most common type of attack, shows just how varied the nature of cyber threats is.
Ransomware attacks, misconfigurations and fraud all followed closely behind, each accounting for around 10% of the overall threat landscape. Remote access tool (RAT) scams, adware and credential harvesting were also fairly common attack types aimed at financial institutions.
The IBM index also shows that, while insurance and finance continue to be major targets for fraudsters, the manufacturing industry actually overtook them in 2021 to become the single most targeted sector in the global economy. IBM suggests that weaknesses in the global supply chain appealed to scammers looking to exploit vulnerabilities.
It’s the first time in more than five years that finance and insurance has not been the main target, although our industry did still account for 22.4% of all cyberattacks – slightly down from 23% in 2020. This doesn’t mean that fintechs and insurtechs are off the hook, though. Businesses need to be aware of vulnerabilities in their organisation that could expose them to the risk of a cyberattack. Unfortunately, with the rising cost of doing business and recent staff layoffs, insurtechs and insurance carriers are as vulnerable a target as any.
“Cybercriminals usually chase the money,” says Charles Henderson, Head of IBM X-Force. “Now with ransomware they are chasing leverage. Businesses should recognise that vulnerabilities are holding them in a deadlock – as ransomware actors use that to their advantage. This is a non-binary challenge. The attack surface is only growing larger, so instead of operating under the assumption that every vulnerability in their environment has been patched, businesses should operate under an assumption of compromise, and enhance their vulnerability management with a zero-trust strategy.”
Rising costs could price SMEs out of cyber insurance
There are growing warnings that economic difficulties will make cyber insurance less attainable for small and medium-sized enterprises (SMEs), which are more susceptible to rising prices. The market research company GlobalData has warned that SMEs could start to deprioritise cyber insurance cover in favour of other business expenses.
GlobalData found that 17% of SMEs in the UK did not have cyber insurance coverage in 2021 because it was deemed too expensive, while 29% had already cancelled their policies in a bid to cut costs. This was in spite of a growing likelihood of cyber attacks. Hybrid working and the war in Ukraine have increased the level of cyber risk to businesses, meaning insurers are unable to respond to the cost-of-living crisis by lowering their premiums. It means that SMEs have to absorb the cost – something many are not able to do – and risk leaving themselves exposed to disaster if they decide to forgo cyber insurance completely.
David Bicknell, Thematic Analyst at GlobalData, warns the problem is not isolated to the UK: “Today’s always-connected world offers a myriad of opportunities for cyber attackers to disrupt countries, organisations and individuals. A challenging worldwide geopolitical environment exacerbated by the Covid-19 pandemic – and, since February 2022, the Ukraine-Russia conflict – has gifted cyber attackers an uneven playing field, which they are actively exploiting.
“The Biden administration’s top cyber officials recently warned that more frequent cyber attacks are the ‘new normal’ for US companies and individuals. Or to put it more starkly, things are bad out there and they’re unlikely to get better anytime soon.”
Common cyber threats aimed at insurance organisations
- Server access attacks – A server access attack involves a fraudster gaining access to a company’s servers, either by taking advantage of leaked or stolen passwords or by exploiting a vulnerability in the system.
- Ransomware – Ransomware is infectious malware that prevents a user from accessing their files and programmes until they have paid a ransom to the scammers.
- Misconfiguration – A misconfiguration attack occurs when a cyber criminal identifies weaknesses in the security configurations of a web server, cloud or application.
- Credential harvesting – A credential harvesting or password harvesting attack involves attackers gathering the credentials of a large number of user accounts, usually through phishing.
- RATs – Remote access trojans (RATs) are a type of malware that allows a criminal to remotely control an infected computer, including accessing the files and data stored on it.