What We Do
How we do it
Resources
SECURITY ADVISORIES
Oct 19, 2021
Hackers Infect Employees of Law Firms, Manufacturing Companies, and Financial Services Orgs. with Increasingly Pervasive Infostealer, SolarMarker
SolarMarker Infects 5X More Corporate Victims Using Over a Million Poisoned WordPress Pages Key Takeaways eSentire has observed a fivefold increase in SolarMarker infections. Prior to September, eSentire’s Threat Response Unit (TRU) detected and shut down one infection per week. Beginning in September, TRU averaged the detection and shutdown of five per week. SolarMarker is a…
Read More
View all Advisories →
Company
ABOUT eSENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1000+ organizations in 70+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Oct 12, 2021
eSentire Launches MDR with Microsoft Azure Sentinel Extending Response Capabilities Across Entire Microsoft Security Ecosystem
Waterloo, ON – Oct. 12, 2021 -- eSentire, recognized globally as the Authority in Managed Detection and Response (MDR), today announced the expansion of its award-winning MDR services with Microsoft Azure Sentinel, as part of its integration with the complete Microsoft 365 Defender and Azure Defender product suites supporting Microsoft SIEM, endpoint, identity, email and cloud security services.…
Read More
Partners
PARTNER PROGRAM
Partners
Our award-winning partner program offers financial rewards, sales and marketing tools and personalized training. Accelerate your business and grow your revenue by offering our world-class Managed Detection and Response (MDR) services.
Learn about our Partner Program
PARTNER RESOURCES
Apply today to partner with the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Jun 05, 2018

Insurance providers are at risk

The insurance industry is built on trust. Unfortunately, this trust can easily be lost in the event of a cyber incident. The insurance sector has lagged far behind other financial-sector industries in its adoption of cybersecurity technologies. Although banks and other financial institutions were among the first to come under the attack of cybercriminals, they’re now among the most secure. Cybercriminals will move on to easier targets, which is where the risk lies for insurance providers.

Hackers have identified the insurance industry as one that handles extremely sensitive information but has yet to put in place the measures needed to effectively safeguard against cyber-attacks. According to a recent study, only 20% of insurance CEOs believe that their firm is prepared for a cybersecurity event, yet 42% realize that cybersecurity is their most serious concern – outweighing regulatory risk by a significant margin.

Cybercriminals are targeting insurance providers for confidential customer data including finance and health information, insurance claim files, trade secrets, business assets and more.

The potential effects of a breach include:

Threats targeting insurance providers

According to eSentire Threat Intelligence, common attack methods used against the finance industry include:

These methods – if successful – can cause serious business disruptions and extensive costs if not detected and responded to quickly.

Cybersecurity compliance requirements

Depending on your region and business activities, your firm will be required to comply with specific cybersecurity regulations from regulators like NAIC or other federal or state/provincial regulations.

In the US, insurance providers will need to meet NAIC’s Insurance Data Security Model Law. While it’s not technically enforceable, the NAIC aggressively encourages adoption. The NAIC’s model law establishes a legal framework for requiring insurance organizations to operate complete cybersecurity programs, including everything from planned cybersecurity testing and board-level involvement in the information security program to incident response plans and specific breach notification procedures.

American insurance providers may also need to meet Payment Card Industry regulations or HIPAA (depending on what information they are dealing with, e.g. health insurance). In Canada, insurance providers need to follow PIPEDA (Personal Information Protection and Electronic Documents Act) and/or provincial regulations.

In summary, here are a list of the top factors driving insurance providers to reconsider how they handle cybersecurity:

The faster the firm catches the threat, the lower the impact

Breaches can have a significant impact on your business and customs. The costliest types of attacks for insurers are denial of service, phishing and social engineering and malicious insiders. Because many firms have limited resources and defenses in place, protecting against these threats can be a challenging task.

Fortunately, the next victim doesn’t have to be you. According to Aberdeen’s Monte Carlo analysis, being twice as fast at threat detection and incident response lowers the business impact of a cyber-attack by approximately 70%. The only way to avoid an incident and react quickly is to have a certified Security Operations Center (SOC) with human analysts hunting and responding to threats on your network 24x7x365.

We defend against the threats facing insurance providers

eSentire Managed Detection and Response™ (MDR) keeps insurance providers safe from cyber-attacks that other technologies miss. Our 24x7 Security Operations Centres (SOC) are staffed by elite security analysts who hunt, investigate and respond to known and unknown threats in real time. With MDR, you’ll experience:

We prepare insurance providers for complex compliance and regulatory requirements

Beyond MDR, our dedicated security experts help firms assess risks, address known gaps and build a comprehensive cybersecurity program that meets stringent regulatory requirements. With eSentire Advisory Services, you’ll have access to:

Security Program Maturity Assessments

About eSentire

eSentire is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organisations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Its 24x7 Security Operations Centre (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business-disrupting events. Protecting more than £4 trillion in corporate assets, eSentire absorbs the complexity of cybersecurity, delivering enterprise grade protection and the ability to comply with growing regulatory requirements. For more information, visit www.eSentire.com and follow @eSentire.



Emily Boden
Emily Boden Content Specialist

Emily is a content specialist on the Marketing team at eSentire. Drawing on her background in journalism and social media, Emily communicates eSentire's mission with compelling and thought-provoking content.