The Insurance industry is one of the richest data-driven businesses there are. They collect their customers’ financial, medical, professional, and personal information. This is why they have the obligation to protect such data and keep it safe. Consequently, cyber-attacks to insurance companies can be devastating and put at risk millions of people’s information.
During the last couple of years, we saw some of the worst cyber-attacks in history, with the NotPetya attack costing billions of dollars. This malicious ransomware attacked hundreds of companies around the world. Such vulnerability within the insurance industry could be as destructive, or even more than NotPetya was.
Cyber-attacks to insurance companies target one specific branch of the business. According to WebMD, hackers are targeting medical data, and health insurance providers are particularly at risk. From all the data breaches that took place between 2010 and 2017, 63% of them involved medical data. This represents a total of 132 million medical records being breached that year.
The most damaging cyber-attacks to insurance companies, however, were detected during 2015. Insurance providers such as Anthem, Premera Blue Cross, and CareFirst Blue Cross Blue Shield had almost 100 million records stolen during cyber-attacks. Not only that but in 2017 Anthem confirmed that the records of 18,500 customers had been compromised too.
Despite the amount of sensitive information insurance companies have collected for years, digitalization of the business caught insurers off guard. This creates several challenges that insurance companies are currently facing. Even when several insurers are investing more in cybersecurity, there are still weak areas within the business that hackers take advantage of.
According to the 19th EY Global Information Security Survey by Ernst & Young, 49% of the 1755 insurance companies that took part in the survey discovered incidents of cybersecurity. Besides, 71% of those companies considered themselves ready to face an attack of this kind. Interestingly enough, only 11% of the companies believed they were taking the proper security measures to protect data.
There is a clear need for a better understanding of cybersecurity within the insurance industry. The current lack of proper measures to prevent hackers from breaching their data is worrying. This leads to a significant exposure to several risks, including infrastructure vulnerability, identity theft, and malicious codes systemic infection.
It is important for insurance companies to invest in efficient, professional, and specialized IT teams and consultants. The development and implementation of data security protocols is essential too. In addition, companies can’t forget to educate employees and partners on how to detect suspicious activity or malicious software.