The insurance industry cyber crime report: recent attacks on insurance businesses

The latest cyber crime report reveals increasingly damaging cyberattacks targeting the insurance industry

The insurance industry cyber crime report: recent attacks on insurance businesses


By Mark Rosanes

The insurance industry’s sheer size and scope, along with the substantial amount of sensitive data it manages and stores, make the sector a prime target for cyber crime. And with insurance companies increasingly shifting key processes to digital channels in recent years, the volume of cyberattacks against the industry has likewise risen dramatically.  

In this part of our cyber crime report, Insurance Business lists down the most recent cyberattacks targeted at the insurance industry. We will discuss the scale and magnitude of these attacks and the impact of the aftermath. This article will also explain the most common cyber threats hounding the sector and what businesses can do to protect themselves.  

This piece can serve as a useful reference for both customers and insurance professionals on the different threats the industry is facing and what cybersecurity measures they can take to mitigate the impacts of such attacks.      

Insurance industry cyber crime report – top attacks on the sector 

Fidelity Investments Life Insurance discloses third-party data breach 

Date of notice: March 1, 2024 
Date discovered: February 13, 2024 
Date of attack: October 29 to November 3, 2023 
Location: US 

Fidelity Investments Life Insurance Co. has reported that personal information of more than 28,000 customers was compromised in a recent cyberattack. 

In a notification filed with the Maine Attorney General’s Office, the company revealed that the hack occurred at Infosys McCamish Systems, a third-party service provider. The incident happened between October 29 and November 2, 2023.  

Infosys McCamish is still investigating the data breach, but Fidelity officials believe that among the personal information accessed are customer names, states of residence, Social Security numbers, dates of birth, and bank accounts and routing information. 

Cyberattack causes massive outage to UnitedHealth’s systems 

Date of attack: February 20, 2024 
Date reported: February 21, 2024 
Location: US 

UnitedHealth Group has disclosed that a massive cyberattack has caused a nationwide outage to one of its computer systems used to transmit data between healthcare providers and insurance companies. The cyber crime prevented some pharmacies from processing prescriptions.   

In an SEC filing dated February 21, the health insurance giant said that hackers accessed its subsidiary Change Healthcare systems, prompting the insurer to disconnect from other parties. It added that no other systems were affected.  

UnitedHealth is working with law enforcement and cybersecurity experts but can’t say when the service will be restored at the time of the filing. 

Prudential Financial discloses data breach 

Date of attack: February 4, 2024 
Date detected: February 5, 2024 
Location: US 

Prudential Financial has informed the US Securities and Exchange Commission (SEC) that it fell victim to a cyberattack that may have compromised sensitive information of employees and contractors. 

In a Form 8-K filing, the insurance giant said that it detected the data breach on February 5, a day after hackers gained unauthorized access to some of its systems. 

The insurer said that the attackers were able to access company administrative and user data stored on the compromised systems. It did not report, however, how many employees and contractors were affected by the cyber crime.  

Prudential Financial said that it has not found evidence of customer data theft but added that investigations into the matter were still ongoing. 

Washington National Insurance falls victim to SIM-swapping attack 

Date of notice: January 26, 2024 
Date of attack: November 29, 2023 
Location: US 

Life and health insurance giant Washington National Insurance Company has fallen victim to a data breach after a senior officer was targeted in a SIM-swapping attack.  

The insurer filed a notice of data breach with the Attorney General of Massachusetts confirming that hackers gained access to client’s sensitive information, including their names, dates of birth, Social Security numbers, and policy numbers.  

Washington National Insurance is reaching out to the 20,360 individuals affected by the cyberattack. 

Keenan & Associates warns 1.5 million clients of data breach  

Date of notice: January 26, 2024 
Date of attack: August 21-27, 2023 
Location: US 

Insurance consulting and brokerage firm Keenan & Associates is sending notices to more than 1.5 million clients, warning that their personal information has been compromised in a recent data breach. 

In a notification sent to the Office of Maine Attorney General, the California-based brokerage firm confirmed that the data breach occurred between August 21 and 27, 2023. During that time, hackers accessed the company’s system and stole customers’ personal data.  

Keenan said exposed personal information varies by individual but includes: 

  • names 
  • dates of birth
  • Social Security numbers 
  • driver’s license numbers 
  • passport numbers 
  • health insurance information 
  • general health information 

The company added that it has already notified affected parties and has started sending out written notices.  

Keenan’s client base spans a range of sectors, including education, healthcare, and public agencies. It is a part of AssuredPartners NL, one of the largest brokerage firms in the US. 

GEICO database for sale in the dark web, 552,900 records exposed 

Date posted: January 14, 2024 
Location: US 

The sale of compromised data allegedly from car insurance specialist GEICO surfaced on a dark web forum, putting the Berkshire Hathaway-owned insurer once again under scrutiny. 

A threat actor identified as “wangfei19860902055” posted the details on the Nuovo BreachForums. The data breach reportedly involved 552,900 records containing personal information, including names, phone numbers, and addresses.  

The post states: “GEICO Private Automobile Insurance Company of America, total 552,900 entries, de-focused, all screened open WS First-hand data, see screenshot below for formatting. Sold as a whole, not split, for data security reasons. Samples are as follows.” 

Cyber crime report – screenshot of GEICO compromised data on dark web 

Cyber crime report – screenshot of GEICO compromised data on dark web
Source: X (formerly Twitter) 

GEICO has yet to release an official statement regarding the data breach. 

The attack follows a cyber incident in August 2023, where GEICO faced a nationwide class action lawsuit for compromising customer privacy by releasing driver’s license numbers. Identity thieves exploited the situation by using the numbers to fraudulently claim unemployment benefits. 


First American Financial restores systems after data breach 

Date disclosed: December 20, 2023 
Location: US 

First American Financial, the second largest title insurer in the US, has announced that it has contained a previously disclosed cyberattack in an amended 8-K filing. The firm confirmed that it has restored some of its systems and resumed normal business operations. 

On December 20, the insurance giant was forced to shut down systems of several of its subsidiaries, including its First American Trust banking unit, after it detected a data breach. The company said hackers accessed, stole, and encrypted non-production systems data.  

First American is still investigating the cyber incident and has not yet determined whether it will have significant impact on its financial condition and operational results. 


Major life insurer falls victim to MOVEit hack 

Date of confirmation: December 6, 2023 
Date of attack: May 2023 
Location: US 

Pan-American Life Insurance Group (PALIG) has confirmed that its data was compromised through the MOVEit cyberattack, adding the life and health insurer to the hack’s growing list of victims. 

The attack, which happened in May, has impacted more than 2,500 businesses worldwide.  

An investigation found that the hackers stole files that contained personal information of individuals, including:  

  • Names 
  • Addresses 
  • Social Security numbers 
  • Dates of birth 
  • Driver's license numbers 
  • Contact information 
  • Certain biometric data 
  • Financial and credit card information 

PALIG also confirmed that it has ceased using MOVEit platform since the vulnerability was announced. 


Delta Dental of California cyberattack impacts 7 million patients  

Investigation completed: November 27, 2023  
Date of discovery: June 1, 2023 
Date of attack: May 27 to 30, 2023  
Location: US 

Almost seven million patients of Delta Dental California had their personal information compromised as the insurer has been added to the growing list of victims of the MOVEit hack.  

Delta Dental, which is the largest insurer in the US, confirmed the data breach in a recent notification. The firm said that unauthorized actors had accessed and stolen data from its systems between May 27 and 30, 2023. The company learned about the cyberattack on June 1, 2023.  

Among the data compromised were names, financial account numbers, and credit card numbers, including security codes. Delta Dental has been providing 24 months of free credit monitoring and identity theft protection services to impacted patients. 


Cyberattack disrupts Fidelity National Financial’s operations  

Date of attack: November 19, 2023 
Location: US 

Fidelity National Financial (FNF) has revealed that a cyberattack brought down its systems, causing service disruptions.   

The Florida-based industry giant, which is one of the largest title insurers in North America, has confirmed the incident in a Form 8-K filing with the Security and Exchange Commission (SEC). 

Among those impacted by the cyber crime are the company’s: 

  • Title-related services 
  • Mortgage transaction services 
  • Technology it provides to the real estate and mortgage industry clients 

“Based on our investigation to date, FNF has determined that an unauthorized third party accessed certain FNF systems and acquired certain credentials,” FNF’s SEC filing stated. 

The company restored all its services last November 29.  

Blue Shield hack compromises data of millions of patients 

Date of notification: November 17, 2023 
Date of attack: May 28-31, 2023 
Location: US 

Health insurance giant Blue Shield has joined the growing number of victims of the MOVEit data breach, which has impacted businesses worldwide. The attack has potentially exposed records of millions of patients to cybercriminals. 

A notice in the Oakland-based insurer’s website dated November 17 stated that personal information compromised included:   

  • Names 
  • Birth dates 
  • Social Security numbers 
  • Patient ID numbers 
  • Personal data on diagnoses and care patients received 

The notice did not specify the number of patients affected, although Blue Shield’s membership numbers around 4.5 million.  

Blue Shield confirmed that the MOVIEit platform, which it uses to transfer and store sensitive patient information, was the victim of the breach. The insurer was notified of the attack on September 1. An investigation found that the cyberattack took place between May 28 and 31. 

The health insurer added that the hack targeted only MOVEit servers. The company’s internal emails and systems were not accessed. 

Sabre Insurance confirms cyberattack but says no sensitive data accessed  

Date of attack: November 16, 2023 
Location: UK 

England-based car insurer Sabre Insurance has confirmed that it was targeted by a cyberattack, but said its defenses held up, preventing any sensitive data from being compromised. 

In a notification of the cyber incident filed with the London Stock Exchange, the Dorking-headquartered firm said its security controls worked “promptly and effectively. The insurer added that the attack was contained before the hackers were able to access any sensitive areas of its systems.   

“Due to the effective segregation of the company's systems, customers have continued to be able to make changes to existing policies, report claims, and buy new policies securely,” Sabre said in the statement. 

A cybersecurity partner assisted with the management, assessment, and resolution of the incident. 

Hackers attack Russian insurance giant Rosgosstrakh, steals military intelligence data 

Date of attack: November 4, 2023 
Location: Russia 

Russia’s second-largest insurer Rosgosstrakh suffers a massive cyberattack, with information of Russian military intelligence agents among the data compromised. 

According to this website’s cyber crime report, the hackers are selling 400GB of stolen data online for $50,000 in Bitcoin (BTC) or Monero (XMR) cryptocurrency. Among the information they accessed were personal and insurance-related information belonging to three GRU agents, Russia’s military intelligence agency. 

The cybercriminals gained full access to investment and life insurance department records dating back to 2010, as well as personal information of 730,000 individuals. This includes Russian Social Security Numbers (SNILS) of around 80,000 individuals and complete bank routing information of 45,000 individuals.  

The hackers also claim to have accessed life insurance policies, contracts, and associated attachments. These include passports and scanned documents of public officials or their immediate relatives. 

American Family confirms cyberattack behind website outages

Date of attack: October 2023
Location: US

American Family Insurance has confirmed that it has suffered a cyberattack, prompting it to shut off parts of its IT systems to prevent the spread of the data breach. 

“This week, the technology teams at American Family Insurance detected unusual activity in a portion of our network,” a spokesperson from the insurer told this news outlet. “We quickly took precautionary measures to protect data and resources and shut down several business systems.

“We recognize the system outages are impacting customers, agents, and employees, and we appreciate their patience and understanding.”

The company said it hasn’t detected any compromises to “critical business, customer data processing, or shortage systems,” with many of its business units able to continue without interruption. The firm added that an investigation on the cyberattack has been ongoing.

IT outages at the company have affected its phone and online services. Policyholders have reported being unable to file claims or pay bills online. Clients trying to access online services have been instructed to contact the company via phone instead.

 American Family Insurance cyber crime report advisory

American Family hopes to conclude its investigation and bring its systems back online soon.

Philippine state-owned health insurer hit by ransomware attack

Date of attack: September 22, 2023
Location: Philippines

The Philippine Health Insurance Corp. (PhilHealth), which operates the country’s National Health Insurance Program, was hit with Medusa ransomware, with hackers demanding $300,000 in exchange for the stolen data.

This prompted the agency to disable or unplug its systems, including its website and member portal, as part of cybersecurity containment measures. On September 29, the country’s Department of Information and Communications Technology announced that it has started restoring stolen data and determining the origin of the cyberattack.

The government-owned health insurer has yet to disclose what information was stolen.

CareSource slapped with $9.9 million lawsuit due to MOVEit hack

Lawsuit filed: September 22, 2023
Date of attack: May 31, 2023
Location: US

Medicaid managed-care non-profit CareSource has been slapped with a multi-million-dollar lawsuit for a data breach that struck one of its vendors last May 31.

Victims are seeking more the $9.9 million in damages, claiming the Ohio-based insurer didn’t have adequate cybersecurity measures in place, which caused more than three million customers to have their personal data compromised.

One of CareSource’s software vendors MOVEit fell victim to a cyberattack, with the hackers stealing private identification and health information among others.  

The lawsuit accused the insurer of violating health privacy laws by failing to protect personal health information and failing to follow industry standards for cybersecurity. CareSource has yet to file a response in court.

American National confirms MOVEit data breach 

Date of attack: Undisclosed 
Date reported: July 7, 2023 
Location: US 

Major insurer American National Insurance Company has confirmed that one of its vendors, Progress Software, has fallen victim to a data breach impacting thousands of its customers. A cyber crime report from this website reveals that the insurer was targeted by hackers exploiting the MOVEit vulnerability and became aware of the incident on July 7.  

The report added that compromised data might vary depending on the individual, but could include customer’s name, Social Security number, address, financial account information, and medical information. 

A notice filed on August 7 with the Texas Attorney General has disclosed that around 35,550 Texans were affected. This, however, provides limited information about the incident. The notice also showed that impacted individuals would be notified by the insurer through US mail.

Prudential Malaysia confirms data theft in two subsidiaries

Date of attack: June 13, 2023
Location: Malaysia

Prudential Malaysia confirmed in a statement that two of its subsidiaries were among the victims of the MOVEit data breach, which affected businesses across the globe. The affected companies were Prudential Assurance Malaysia Berhad (PAMB) and Prudential BSN Takaful Berhad (PruBSN).

MOVEit Transfer is a secure managed file transfer (MFT) software that enables the exchange of data between applications, servers, systems, and users within and between different businesses.  The firm said the hackers exploited a zero-day vulnerability to commit the data theft.

Prudential Malaysia added that they took the necessary cybersecurity measures and notified the authorities once the data breach was discovered. According to the insurer, among the information “very likely” to have been compromised included:

  • agents’ and customers’ names
  • contact numbers
  • national identification numbers
  • bank account and/or partial credit card information

Sun Life data breach impacts clients in the US

Date of attack: June 2023
Location: US

Canadian insurance giant Sun Life has disclosed that personal data belonging to some of its US clients has been compromised as part of a global cyberattack in June involving the MOVEit file transfer software.

While the insurer doesn’t use the software for its systems, one of its third-party vendors, Pension Benefit Information (PBI), uses the platform to transfer files internally and between parties. According to Sun Life, it shares certain information with PBI to support business operations, including timely payouts of life insurance and related benefits.

The hackers were able to access several personal data, including:

  • Name
  • Date of birth
  • Social Security ‎number
  • Policy number
  • Account number

‎Sun Life, however, maintained that no financial information – such as premium and account values – claims and medical data, and policy documents were exposed.

Prudential data breach impacts over 320,000 customers 

Date of attack: May 29-30, 2023 
Location: US 

Prudential Insurance has confirmed that one of its vendors has fallen victim to the MOVEit data breach, which has stolen sensitive information from businesses across the globe. The affected vendor, Pension Benefit Information (PBI), provides regulatory compliance and operational support services to insurers, pension funds, and other businesses.  

In a notification document filed on July 31, the insurance giant reported that 320,840 customers were impacted. The compromised data included names, addresses, dates of birth, phone numbers, and Social Security numbers. The breach was discovered on June 27.  

NYLIC joins growing list of victims of MOVEit data breach 

Date of attack: May 29-30, 2023 
Location: US 

Another client of PBI, New York Life Insurance Company (NYLIC) confirmed a massive data breach through the third-party vendor. The insurer joins the growing list of victims of the MOVEit cyberattack.  

In its notification document filed on August 11, NYLIC revealed that 25,685 clients were affected by the incident. Among the data stolen was customers’ Social Security numbers. The data breach was discovered on June 6. 

Genworth Financial suffers massive data breach

Date of attack: May 29, 2023
Location: US

US insurance giant Genworth Financial revealed that it has fallen victim to a massive data breach, impacting millions of its policyholders.

In a notification letter dated June 26, the insurer disclosed that between 2.5 million and 2.7 individuals “who are either customers or insurance agents” had their personal information accessed by hackers. The cyberattack was discovered on June 16.

“On June 16, 2023, PBI advised Genworth that specific Genworth files containing policyholder and agent information were compromised due to a security event that took advantage of a vulnerability identified in the widely used MOVEit file transfer software that PBI uses,” Genworth said in a separate statement.

PBI is a third-party vendor used by Genworth in scanning social security data to determine whether a policyholder may have died and triggered death benefits under a life insurance policy or annuity contract. The firm also helps the insurer identify deaths across other lines of insurance, as well as insurance agents to whom commissions are paid.

According to Genworth, among the exposed policyholder information are:

  • Name
  • Date of birth
  • Social Security number
  • ZIP code
  • State of residence
  • Policy number

For insurance agents, compromised data includes

  • Name
  • Date of birth
  • Full address
  • Agent ID

The insurer confirmed that its own information systems were not impacted as the company doesn’t use the compromised software. Affected individuals, meanwhile, received credit monitoring services and identity theft protection.

Progressive Insurance confirms cyberattack on third-party vendor 

Date of attack: May 18, 2023
Location: US

Progressive Casualty Insurance Company reported that one of its third-party vendors has fallen victim to a data breach that impacted about 347,000 customers. In a notification document filed on August 1, the Ohio-based insurance giant confirmed that the following information has been compromised: 

  • Name 
  • Date of birth 
  • Address 
  • Driver’s license number 
  • State ID number 
  • Emails 
  • Phone numbers 
  • Other confidential information 

According to the document, the data occurred on May 18 and was discovered the next day. Data breach class action litigation specialist Federman & Sherwood has been tasked to investigate the matter. 

MCNA data breach compromises data of almost nine million patients

Date of attack: February 26 to March 7, 2023
Location: US

Florida-based dental health insurer MCNA Insurance Company told regulators that personal health information of nearly nine million patients was compromised in a cyber incident discovered in March. In a data breach notification letter filed with the Maine state attorney general's office dated May 26, the firm said that it detected unauthorized access to its systems on March 6, with some found to be infected with malicious code.

The insurer listed more than 100 organizations affected by the cyberattack, including:

  • Arkansas Department of Human Services
  • City of New York Management Benefit Fund
  • Florida Healthy Kids Corporation
  • Idaho Department of Health and Welfare
  • Iowa Department of Human Services
  • Louisiana Department of Health
  • Nebraska Department of Health and Human Services

According to MCNA, the hackers were successful in accessing patient personal information, including:

  • Full name
  • Date of birth
  • Address
  • Telephone number
  • Email address
  • Social Security number
  • Driver's license number
  • Other government-issued ID number

While the health data compromised includes insurance information such as:

  • Name of plan, insurer, and government payor
  • Member Medicaid and Medicare ID number
  • Plan and/or group number
  • Information regarding dental and orthodontic care

The information covered parents, guardians, and guarantors who paid the bill. MCNA provides dental and orthodontic care policies to members of certain state Medicaid agencies and the Children's Health Insurance Program (CHIP).

Bitmarck cyberattack 

Date of attack: April 2023 
Location: Germany 

A cyberattack in late April 2023 prompted Bitmarck – a major IT service provider for Germany’s statutory health insurance system – to take all its customer and internal systems offline. The move affected many of the company’s clients, particularly those who rely on Bitmarck to issue their electronic sickness certificates, which are used in the country to pay employees’ leaves. 

Bitmarck did not reveal the nature of the attack but announced that patient data was not “endangered.” The company added that it would bring back systems online in a “cautious manner” to mitigate the cyber incident’s impact and risk to clients. 

The cyberattack follows another incident in January, in which personal data – including names, dates of birth, and insurance card ID numbers – belonging to more than 300,000 policyholders were stolen.  

Point32Health ransomware incident 

Date of attack: April 2023 
Location: US 

In mid-April 2023, the second-largest health insurer in Massachusetts suffered major technical outages resulting from a ransomware attack. The incident brought down the company’s systems that it uses to service members and providers, resulting in some members having difficulty contacting their insurers.  

The members who were affected by the cyberattack were mostly those covered under the Harvard Pilgrim Health Care’s commercial plans and New Hampshire Medicare plans. Members under the Tufts Health Plan were not impacted. 

Insurance Information Bureau of India cyber breach 

Date of attack: April 2023 
Location: India 

Some insiders have confirmed that the Insurance Information Bureau of India (IIB) fell victim to a cyberattack, which compromised “some data.” Information regarding the type of data stolen and other details of the breach, other than that “it is being addressed at the highest level,” was scant. 

IIB is the industry’s regulatory body in the country. The organization’s latest figures show that India’s insurance sector includes 57 insurers – 24 in the life insurance sector and 33 non-life carriers. These include major brands Aviva Life, Bajaj Allianz, Bharti AXA, Cigna TTK, Future Generali, Tata AIA Life, and TATA AIG.   

Latitude Financial data breach 

Date of attack: March 2023 
Location: Australia and New Zealand 

A record 14 million customer records were stolen in a cyberattack targeting financial services giant Latitude Financial, the company revealed in March 2023. The figure was far worse than the firm initially reported and included the following:  

  • About 7.9 million driver’s licence numbers, with some including the licence holder’s name, address, phone number, and date of birth 
  • About 103,000 copies of driver’s licences or passports 
  • About 53,000 passport numbers 
  • Less than 100 monthly account statements 
  • Income and expense information used to assess around 900,000 loan applications, including about 308,000 bank account numbers (excluding passwords) and 143,000 credit card or credit card account numbers (excluding three-digit CVC or expiry date), with the “overwhelming majority” either closed or expired 

According to New Zealand’s Office of the Privacy Commissioner, about 13% of the 7.9 million customers whose driver’s licence numbers were compromised were from the country, which was equivalent to 20% of its entire population. This makes the data breach the largest ever recorded in New Zealand when it comes to the number of affected individuals.  

There were also questions on why Latitude was holding on to that much data from former clients, which the company admitted dated back to 2005. The firm claims to handle only about 2.8 million customer accounts, according to its website. 

Latitude first disclosed the cyberattack mid-March, saying that the breach only affected about 100,000 identification documents and 225,000 customer records. The company offers a variety of credit options, including credit cards, personal and car loans, and insurance.  

Capita cyberattack 

Date of attack: March 2023 
Location: UK 

The fallout from a March cyberattack on UK-based IT services provider Capita has continued, with sources claiming that the incident affected up to 350 pension funds. Personal data belonging to millions of retirement savers might have been compromised, which would make the cyberattack the largest-ever in the country’s history. 

The Universities Superannuation Scheme (USS), the largest private pension pot in the UK, were among those affected. It claimed that about 470,000 of its members had their personal information – including names, dates of birth, and National Insurance numbers – stolen through Capita’s software. 

According to Capita, the hack started “on or around” March 22 and was intercepted in March 31. In April, Russian-speaking cyber crime group Black Basta claimed responsibility for the data breach. The gang later posted passports, addresses, and bank account details that it claimed it stole from Capita’s servers. Capita, however, did not confirm the authenticity of the documents.  

Capita is also one of the largest IT services providers of the National Health Service (NHS) – the UK’s public healthcare system. 

NationsBenefits data breach 

Date of attack: January 2023 
Location: US 

In April 2023, Florida-based healthcare benefits provider NationsBenefits disclosed that thousands of its members had their personal information compromised in a late-January ransomware attack targeting Fortra’s GoAnywhere platform, a file-transfer software that the firm was using.  

According to news reports, ransomware gang Clop claimed responsibility for the attack, saying it took advantage of a previously unknown vulnerability to raid several GoAnywhere customers. The group added that it stole sensitive data from over a hundred organizations.   

In a notification to affected clients, NationsBenefits said that the data breach involved key personal data, including: 

  • Full name 
  • Gender 
  • Health plan identification number 
  • Address 
  • Phone number  
  • Date of birth  

NationsBenefits provides health insurance policyholders a range of supplemental benefits, including vision and hearing care, and over-the-counter medication. The firm has more than 20 million members across the US. It is a third-party vendor for health insurance giant Aetna, although it was unclear if Aetna members were affected by the attack.   

HUB data breach compromises personal financial data 

Date of attack: December 12, 2022 to January 17, 2023 
Location: US, Canada 

In a notification document filed on August 11, global insurance brokerage HUB International confirmed that it has fallen victim to a data breach that started at the end of 2022 and lasted until the beginning of the year. The incident was discovered on July 27.  

The firm’s investigation found that an unknown individual accessed certain portions of its network and copied files without authorization. The cyberattack has affected 479,261 clients, as well as former and current staff mostly in the US, with a “limited” impact on Canada. 

Among the information compromised are financial account numbers and credit/debit card numbers, which include security codes, access codes, passwords, and PIN. 

Why is the insurance industry being targeted by cyber crime groups? 

The sheer volume of personal and financial data that insurance companies possess makes them an attractive target for cyber crime groups. This was what the International Association of Insurance Supervisors (IAIS) revealed in their cyber risk paper.  

According to the group, the type of data – which includes personal identifiable information (PII) – that insurers collect, process, and store in substantial amounts, makes these companies especially vulnerable to cyberattacks. Cybercriminals are also salivating over the fact that insurance companies also have rich connections with various financial institutions through investments, debt issuance, and capital raising.  

A separate cyber crime report by the cybersecurity specialist Black Kite also indicated how insurance companies “can’t afford down time.” Because of this, hackers believe that insurers are more likely to pay ransom. The report added, however, that not all cyberattacks are targeted. There are times when cybercriminals just release malware, hoping to pounce on unwitting victims.  

What are the most common types of cyber threats facing insurance businesses? 

In its latest cyber threat landscape report, the cyber intelligence platform IntSights identified the top five threats facing the insurance industry. These are:   

  1. Ransomware attacks: Insurance companies providing cyber coverage, particularly for ransomware attacks, may see their policyholders being increasingly targeted as cyber crime groups believe that businesses are more likely to pay for ransom if their policies cover for it. In terms of threat disclosure, ransomware attacks have evolved from merely encrypting files to threatening to dump compromised data on the dark web for other cybercriminals to access. 
  2. Compromise and sale of policyholder data: Insurers possess a large amount of personal data that cyber crime groups can use to commit fraud and other malicious activities. This makes insurance companies an attractive target for cyberattacks.  
  3. State-sponsored attacks: State-sponsored threat actors can use PII they stole to support their nation’s intelligence operations and other investigative activities. The cyber crime report has found that some foreign intelligence services collect these types of data and inject it into searchable databases so they can perform targeted queries.  
  4. COVID-19-related exploits: The pandemic has opened many opportunities for hackers to target healthcare organizations, one of the most vulnerable sectors. Cybercriminals may be able to exploit COVID-19 records to commit insurance fraud and identity theft. 
  5. Hacktivists: Ideologically motivated cybercriminals can target insurance companies to support their political or economic goals. Financial institutions and government agencies, which may be among their policyholders, are also susceptible to hacktivist attacks. 

Cyber insurance has become a popular risk management tool among businesses, especially with digital transformation giving rise to constantly evolving cyber threats. And as the frequency and severity of cyberattacks intensify, cyber insurers play a key role in keeping businesses protected. Find out which carriers made it to our latest rankings of the top cyber insurance companies in the US by clicking the link.     

How much are cyber breaches costing insurance businesses? 

Data breaches cost companies across the world a combined $4.35 million, according to IBM’s latest report. The figure is a 2.6% increase from the previous year. In the US, however, the cost is more than twice the global average at $9.44 million. This is the 12th consecutive year that the country has incurred the highest cost in the annual report. In terms of industry, the healthcare sector is hit the hardest, incurring a combined global average of $10.1 million. 

Given the current threat environment, it is only a matter of time before your business falls victim to a major cyberattack. The situation stresses the need for your organization to know what steps to take when cybercriminals strike as your survival depends on how effective your cyber response strategies are.  

If you want to find out the best practices for responding to a cyberattack, our step-by-step guide can help.  


How does cyber insurance work? 

Cyber insurance is a type of policy designed to cover financial losses incurred due to a cyberattack. It offers two types of protection: 

  1. First-party coverage: Covers the financial losses a business incurs because of a cyber incident. 
  2. Third-party coverage: Pays out for legal costs if a third-party sues for damages resulting from a cyberattack, as well as regulatory fines. 

What factors impact the cost cyber insurance? 

Businesses should be mindful of the several factors influencing the cost of coverage before purchasing cyber insurance. These include:  

  • The number of employees  
  • The industry the business is in  
  • Company revenue  
  • Level of coverage  
  • Cybersecurity measures in place 

Which industries are most vulnerable to cyberattacks? 

Businesses in all industries are at risk of being targeted by cyber criminals, but some sectors are more vulnerable than others. Here are the industries that cyber crime reports identify are most vulnerable because of the type and amount of data they collect and manage. 

  • Healthcare 
  • Financial services, including insurance 
  • Retail  
  • Education 
  • Energy and utilities 
  • Government  

Is it worth taking out cyber insurance? 

Cybersecurity experts warn that cybercriminals often do not discriminate based on a business’ size. And with digital transformation happening at such a rapid rate, new and potentially more damaging cyber risks are more likely to emerge. This highlights the importance of having the right form of protection, more so for companies that handle sensitive data.  

But these experts also remind businesses that it is not advisable to rely solely on cyber insurance to bail them out when cybercriminals strike. To remain insurable, your business needs to do its part and take robust measures to protect against cyber threats. 

What do you think of the recent spate of cyberattacks targeting the insurance industry? Does our cyber crime report reflect the insurance sector’s threat landscape? Feel free to share your thoughts below.

Keep up with the latest news and events

Join our mailing list, it’s free!