Insurance coverage business being ravaged by excessive fee of cyberattacks

A brand new report from Black Kite exhibits the complete sector could also be ripe for ransomware assaults.

Whereas most individuals wouldn’t consider the insurance coverage sector as a spotlight for cyberattacks, new findings present that the business might have a severe safety drawback. The lately launched Cyber Insurance coverage Danger in 2022 report from Black Kite exhibits that 82% of the biggest insurance coverage carriers are the main target of ransomware assaults from cyber criminals.

The report, which examines rising cyber threat considerations and ransomware susceptibility within the insurance coverage sector, discovered that 20% of the highest 99 insurance coverage carriers have a excessive fee of vulnerability to ransomware. As well as, the frequency of software program provide chain assaults have been sharply on the rise, as the speed of hacks have elevated by 300% within the final yr alone.

“The sheer quantity of knowledge generated within the insurance coverage business makes the trouble extra worthwhile to cybercriminals,” mentioned Jeffrey Wheatman, senior vice chairman and cyber threat evangelist at Black Kite. “Insurance coverage corporations are typically bigger organizations that may’t afford downtime. Think about the outrage if a healthcare insurer couldn’t pay claims or approve medical remedies for an prolonged interval. Because of this, they’re extra more likely to pay a ransom. Not all assaults are focused, nevertheless. Generally cyber criminals simply get fortunate. If new malware is launched, it’s a matter of low-hanging fruit.”

Cyber crime is worthwhile, and insurance coverage is prepared to pay

In accordance with the report, ransomware assaults will not be solely rising of their frequency and effectiveness, but additionally their profitability. As Wheatman alludes to, most corporations within the insurance coverage enterprise are prepared to easily pay a ransom to retrieve their information and keep away from service outages. Per Black Kite’s findings, malicious cyber teams are cashing in, as the biggest ransom paid to this point by an insurance coverage firm totaled $40 million, with the common ransom coming in at $130,000.

“When requested why he robbed banks, notorious financial institution robber Willie Sutton answered, ‘as a result of that’s the place the cash is’. This identical sentiment applies to the insurance coverage sector and why it’s a goal for cybercriminals–as a result of that’s the place the info is,” Wheatman mentioned. “Cybercrime is a really profitable enterprise. It’s being taken over by skilled criminals which have extra money to take a position. AI has made attackers more practical, and the power of legislation enforcement to go after cybercriminals, whereas higher than it was, nonetheless leaves a lot to be desired.”

SEE: Google Chrome: Safety and UI suggestions you have to know (TechRepublic Premium)

Per the report, 100% of insurance coverage underwriters surveyed indicated that ransomware and provide chain assaults had been amongst their top-three largest considerations from a menace standpoint. Though cyber insurance coverage in opposition to hacks can be found, it may be extraordinarily dear if an organization is affected. Whereas this will likely assist shield companies in opposition to downtimes and canopy misplaced earnings, the premiums can skyrocket as quite a few claims start to be filed. The quantity misplaced in damages is starting to exceed the estimates for insurance coverage insurance policies, placing corporations in a tricky place in the case of threat evaluation.

To make issues even worse, the report discovered that insurance coverage corporations are additionally susceptible to phishing assaults. Of the businesses analyzed, 82% of insurance coverage corporations are prone to any such assault, signaling a necessity for the business as an entire to reevaluate its safety insurance policies and procedures.

Methods insurance coverage corporations can shore up cybersecurity

Black Kite presents two major suggestions for corporations within the insurance coverage sector to assist keep away from cyberattacks:

1. Assessment your threat portfolio on a steady foundation
2. Carry automation into the underwriting course of

By conducting fixed evaluations in threat evaluation, organizations can diagnose the place potential vulnerabilities might lie of their techniques. A lapse in these processes will be expensive, so it is suggested that these working in cybersecurity for insurance coverage corporations and always updating insurance policies to keep away from falling sufferer to the subsequent huge assault. Cyber threat assessments can also supply options corresponding to real-time assault floor monitoring, permitting for companies to all the time be on-guard and prepared for potential ransomware and phishing assaults.

“Organizations which have extra threat publicity and fewer efficient threat administration packages usually tend to fall sufferer to cybercriminals preferring the ‘let’s toss something in opposition to the wall and see what sticks’ assault makes an attempt,” Wheatman mentioned. “For organizations that depend on insurers immediately or not directly, it’s essential to grasp in real-time the place the third-party exposures are and talk the enterprise affect earlier than it turns into an issue.”

The automation of the underwriting course of may help these in insurance coverage in the case of defending delicate information by use of cyber threat rankings platforms. These platforms can take the onus off of the corporate to keep away from assault by externally-facing information from open-source intelligence assets. The automated processes then filter out the outcomes by use of dashboards and stories, permitting organizations to make efficient cybersecurity choices as wanted.