Cyber Security in the Insurance Industry

Risk, Management & Strategy.

Foresite’s ‘State of Cybersecurity’ report has recently discovered the top 5 most targeted industries for cyber attacks. At the top spot for risk sits the finance and insurance industry, constituting nearly a fifth (19%) of recorded data breaches.

In their latest Risk & Management report, Aviva have announced an increasing trend in cybercrime. The biggest risk posed to the insurance industry is unauthorised access to IT systems, in turn increasing operational risk through cyber criminals potentially planting malware or stealing company and customer data. The nature of the data held by insurance companies is not just limited to already sensitive financial information, but also personal, for example, investments and pensions, holiday or vehicular insurance.

That being said, the breach of mobile devices used by employees still remains a great risk to organisational cybersecurity too, as proven by Richard Neale’s revenge hack of 2015, compromising 900 of Aviva’s mobile devices and the data upon them. Inevitably, this breach caused downtime for those devices and their users, of which the average length of time for such a breach is around 3 days; not only that, but it has been reported that employee productivity typically decreases by around 30% following a breach. The incident serves as an important reminder that threat is everywhere, and more businesses need to be aware of security of mobile devices so as to avoid expensive ramifications as a result of system and employee downtime.

As the current state of business cybersecurity stands, you are more likely to experience a data breach of at least 10,000 records than you are of catching the flu this winter. This is why it is crucial for all companies, especially those within the insurance sector, to ensure their cyber security procedures are tight knit – particularly when it comes to mitigating risk of breach to their networks.

The UK’s insurance industry is the 4th largest in the world and employs around 111,000 people across the country. One of the main risks that organisations face when it comes to breach incidents is unauthorised access to networks via phishing scams that bypass external security precautions. On average 60% of organisations are hit by attacks that spread from an infected user to other employees, and a third of businesses on average experience data losses through email-borne malware attacks.

External Partners

Price-comparison organisations, such as MoneySuperMarket, state in their privacy policies that the special sensitive data required for a quote will be shared with their partners. If the organisation were to fall victim to a ransomware attack or cyber incident, then the partner companies are also then at a higher level of risk, especially to a phishing attack or attack on the company’s internal communications.

Whilst many insurance companies should have adept cyber security strategies in place to mitigate their risk and therefore financial liability, the volume of employees within the industry still leaves a big enough gap for human error. When it comes to the remote working situation that the majority have found themselves adjusting to over the past 6 months has prompted a greater focus needed on the security of the home working setup, and security of communication between multiple working sites.

As it stands, one of the weakest areas of organisational cybersecurity at the moment resides in external devices used for work purposes. Since 2017, there has been a 33% rise in mobile ransomware infections and on average 1 in every 36 mobile devices has a high-risk app installed. For employees who do use their own mobile devices for working (i.e. emails), this poses an easy route for cyber criminals into an organisation’s network if BYOD policies and procedures are not tightly enforced.

Serbus Secure is an integrated MDM suite, providing a set of tools that can be installed on employees’ own devices and which will protect communications, especially those of a sensitive nature. Your organisation has the option to let us host or manage centrally the devices, or take it into your own IT teams’ hands, while our experts consult with you to design a secure mobile system that will plug any potential weak spots or gaps in your current cybersecurity strategy.

To learn more about Serbus Secure or how we can assist to add value to your current cybersecurity strategy, get in touch for a chat on [email protected], or call our office on +44 (0)1432 870 879.