Not only are insurance companies “particularly attractive targets for cyber criminals,” according to a report released by US telecoms operator Verizon this week, they are also “uniquely vulnerable,” the report’s author said.
The company’s 2015 Data Breach Investigations Report placed the insurance industry in the financial services category, which suffered from 642 security incidents, making it the third most attractive sector to attack behind public and information.
Stephen Busateri, insurance global lead for Verizon Enterprise Solutions, who compiled the insurance aspect of the report, told Insurance Business
the insurance industry is “uniquely vulnerable” because the personally identifiable information held by insurers is a “particularly appealing target for cyber criminals.”
Insurance companies, he said, need to be more active in protecting their data because they have sensitive customer data on their systems.
The report said that as more insurance companies use the internet to share data and turn towards working with brokers in adjacent markets, they are “further increasing their attack surface,”
Of all the breaches, 28% were a result of by ‘miscellaneous errors,’ including human errors.
“With policy documents being sent back and forth by email, there is plenty of scope for human error allowing cyber criminals to compromise insurance companies’ systems and install malware,” the report stated.
Verizon listed some steps insurance companies can take to increase their security:
- Companies need to fully understand their data, including what data they have, where it’s stored and exactly who has access to it
- Set up controls to watch for data transfers out of the organisation
- Better educate staff so that they do not enter their credentials on unsafe websites or open attachment from unknown senders
Verizon collected data from 70 organizations worldwide and claimed 2,122 confirmed incidents of data loss had occurred, with an estimated a loss of US$400m from 700 million compromised records.