eSentire White Logo

Blog | Jun 05, 2018

Insurance providers are at risk

The insurance industry is built on trust. Unfortunately, this trust can easily be lost in the event of a cyber incident. The insurance sector has lagged far behind other financial-sector industries in its adoption of cybersecurity technologies. Although banks and other financial institutions were among the first to come under the attack of cybercriminals, they’re now among the most secure. Cybercriminals will move on to easier targets, which is where the risk lies for insurance providers.

Hackers have identified the insurance industry as one that handles extremely sensitive information but has yet to put in place the measures needed to effectively safeguard against cyber-attacks. According to a recent study, only 20% of insurance CEOs believe that their firm is prepared for a cybersecurity event, yet 42% realize that cybersecurity is their most serious concern – outweighing regulatory risk by a significant margin.

Cybercriminals are targeting insurance providers for confidential customer data including finance and health information, insurance claim files, trade secrets, business assets and more.

The potential effects of a breach include:

  • Financial loss
  • Disruption of operation
  • Compromised confidential information
  • Reputational damage
  • Challenges with regulatory bodies

Threats targeting insurance providers

According to eSentire Threat Intelligence, common attack methods used against the finance industry include:

  • Phishing

    Which could indicate a lack of security among all employees

  • Coin Miners

    Which could indicate a lack of acceptable use policies and technical controls

  • Technical support scams and fake AV social engineering

    Which could indicate a lack of employee awareness and the use of appropriate controls

These methods – if successful – can cause serious business disruptions and extensive costs if not detected and responded to quickly.

Cybersecurity compliance requirements

Depending on your region and business activities, your firm will be required to comply with specific cybersecurity regulations from regulators like NAIC or other federal or state/provincial regulations.

In the US, insurance providers will need to meet NAIC’s Insurance Data Security Model Law. While it’s not technically enforceable, the NAIC aggressively encourages adoption. The NAIC’s model law establishes a legal framework for requiring insurance organizations to operate complete cybersecurity programs, including everything from planned cybersecurity testing and board-level involvement in the information security program to incident response plans and specific breach notification procedures.

American insurance providers may also need to meet Payment Card Industry regulations or HIPAA (depending on what information they are dealing with, e.g. health insurance). In Canada, insurance providers need to follow PIPEDA (Personal Information Protection and Electronic Documents Act) and/or provincial regulations.

In summary, here are a list of the top factors driving insurance providers to reconsider how they handle cybersecurity:

  • The risk of cyberbreaches exposing financial and health information
  • The increased regulatory focus on cybersecurity
  • The fact that current liability policies do not cover cyber risks
  • The increased target of ransomware and other attacks causing disruption and lost revenue
  • The increased technical complexity of electronic information creation, storage, transfer and control across on-premises, partner and cloud service providers
  • The inevitable impact on reputation

The faster the firm catches the threat, the lower the impact

Breaches can have a significant impact on your business and customs. The costliest types of attacks for insurers are denial of service, phishing and social engineering and malicious insiders. Because many firms have limited resources and defenses in place, protecting against these threats can be a challenging task.

Fortunately, the next victim doesn’t have to be you. According to Aberdeen’s Monte Carlo analysis, being twice as fast at threat detection and incident response lowers the business impact of a cyber-attack by approximately 70%. The only way to avoid an incident and react quickly is to have a certified Security Operations Center (SOC) with human analysts hunting and responding to threats on your network 24x7x365.

We defend against the threats facing insurance providers

eSentire Managed Detection and Response™ (MDR) keeps insurance providers safe from cyber-attacks that other technologies miss. Our 24x7 Security Operations Centres (SOC) are staffed by elite security analysts who hunt, investigate and respond to known and unknown threats in real time. With MDR, you’ll experience:

  • 24x7x365 continuous hunting and monitoring
  • Detection of unknown attacks leveraging patterns and behavioral analytics
  • Human-led investigation utilizing always on full packet capture, logs and event data
  • Full forensic analysis to confirm threats and eliminate false positives
  • Isolation and communication disruption of the threat on your behalf, with no retainer fee
  • Full remediation support until the threat is eliminated, not just alerting and guidance

We prepare insurance providers for complex compliance and regulatory requirements

Beyond MDR, our dedicated security experts help firms assess risks, address known gaps and build a comprehensive cybersecurity program that meets stringent regulatory requirements. With eSentire Advisory Services, you’ll have access to:

Security Program Maturity Assessments

  • Security Policy Guidance
  • Security Incident Response Planning
  • Security Architecture Review
  • Health Checks
  • Executive Briefings
  • Penetration Testing & Vulnerability Assessments
  • Risk Assessments
  • Phishing Campaigns

About eSentire

eSentire is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organisations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Its 24x7 Security Operations Centre (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business-disrupting events. Protecting more than £4 trillion in corporate assets, eSentire absorbs the complexity of cybersecurity, delivering enterprise grade protection and the ability to comply with growing regulatory requirements. For more information, visit and follow @eSentire.

Emily Boden

Emily Boden

Content Specialist

Emily is a content specialist on the Marketing team at eSentire. Drawing on her background in journalism and social media, Emily communicates eSentire's mission with compelling and thought-provoking content.