Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Protect assets from ransomware, trojans, rootkits and more.
Intelligence and visibility across AWS, O365, DevOps and more.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
The insurance industry is built on trust. Unfortunately, this trust can easily be lost in the event of a cyber incident. The insurance sector has lagged far behind other financial-sector industries in its adoption of cybersecurity technologies. Although banks and other financial institutions were among the first to come under the attack of cybercriminals, they’re now among the most secure. Cybercriminals will move on to easier targets, which is where the risk lies for insurance providers.
Hackers have identified the insurance industry as one that handles extremely sensitive information but has yet to put in place the measures needed to effectively safeguard against cyber-attacks. According to a recent study, only 20% of insurance CEOs believe that their firm is prepared for a cybersecurity event, yet 42% realize that cybersecurity is their most serious concern – outweighing regulatory risk by a significant margin.
Cybercriminals are targeting insurance providers for confidential customer data including finance and health information, insurance claim files, trade secrets, business assets and more.
The potential effects of a breach include:
According to eSentire Threat Intelligence, common attack methods used against the finance industry include:
Which could indicate a lack of security among all employees
Which could indicate a lack of acceptable use policies and technical controls
Which could indicate a lack of employee awareness and the use of appropriate controls
These methods – if successful – can cause serious business disruptions and extensive costs if not detected and responded to quickly.
Depending on your region and business activities, your firm will be required to comply with specific cybersecurity regulations from regulators like NAIC or other federal or state/provincial regulations.
In the US, insurance providers will need to meet NAIC’s Insurance Data Security Model Law. While it’s not technically enforceable, the NAIC aggressively encourages adoption. The NAIC’s model law establishes a legal framework for requiring insurance organizations to operate complete cybersecurity programs, including everything from planned cybersecurity testing and board-level involvement in the information security program to incident response plans and specific breach notification procedures.
American insurance providers may also need to meet Payment Card Industry regulations or HIPAA (depending on what information they are dealing with, e.g. health insurance). In Canada, insurance providers need to follow PIPEDA (Personal Information Protection and Electronic Documents Act) and/or provincial regulations.
In summary, here are a list of the top factors driving insurance providers to reconsider how they handle cybersecurity:
Breaches can have a significant impact on your business and customs. The costliest types of attacks for insurers are denial of service, phishing and social engineering and malicious insiders. Because many firms have limited resources and defenses in place, protecting against these threats can be a challenging task.
Fortunately, the next victim doesn’t have to be you. According to Aberdeen’s Monte Carlo analysis, being twice as fast at threat detection and incident response lowers the business impact of a cyber-attack by approximately 70%. The only way to avoid an incident and react quickly is to have a certified Security Operations Center (SOC) with human analysts hunting and responding to threats on your network 24x7x365.
eSentire Managed Detection and Response™ (MDR) keeps insurance providers safe from cyber-attacks that other technologies miss. Our 24x7 Security Operations Centres (SOC) are staffed by elite security analysts who hunt, investigate and respond to known and unknown threats in real time. With MDR, you’ll experience:
Beyond MDR, our dedicated security experts help firms assess risks, address known gaps and build a comprehensive cybersecurity program that meets stringent regulatory requirements. With eSentire Advisory Services, you’ll have access to:
Security Program Maturity Assessments
eSentire is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organisations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Its 24x7 Security Operations Centre (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business-disrupting events. Protecting more than £4 trillion in corporate assets, eSentire absorbs the complexity of cybersecurity, delivering enterprise grade protection and the ability to comply with growing regulatory requirements. For more information, visit www.eSentire.com and follow @eSentire.
Emily is a content specialist on the Marketing team at eSentire. Drawing on her background in journalism and social media, Emily communicates eSentire's mission with compelling and thought-provoking content.