Insurance cyber attacks, data breaches and your agency, part 1



How to keep your agency’s cyberspace secure

Regardless of size, your insurance agency runs the risk of a data breach, and that risk grows with the number of employees you have. Granted, insurance cyber attacks against smaller agencies happen less frequently than those against major insurers – but hackers will try to use you as a stepping stone to get to your carriers.

Agencies store more consumer data than ever, making them an attractive target for insurance cyber attacks. As hackers become more sophisticated and insiders become bolder, agencies need to safeguard data that belongs to them and their clients.

Agency owners can close their eyes to the problem, hoping to fly under cyber thieves’ radars because they’re so small, and many agencies will be successful – for a while. And small agencies just don’t have the IT budget for robust cyber security. However, “When it comes to security breaches, there are two kinds of companies: those that know they’ve been hacked and those that haven’t yet discovered they’ve been hacked,” said one security expert.

Attackers can not only wreak havoc inside your agency’s systems and with your client data; what if you become the door to a carrier breach? Try explaining that to the carrier’s head of IT security when they find out you unknowingly passed along the malware that caused their data breach because of your lack of in-house security.

Symantec’s 2016 Internet Security Threat Report says “The last five years have shown a steady increase in attacks targeting businesses with less than 250 employees. If there is profit to be made, attackers strike at will.” Security analyses also show that once you’ve been the target of an insurance cyber attack that resulted in a data breach, you have an even greater likelihood of being breached again and again unless you put robust protection in place.

Stephen Brennan, managing partner and global technical consulting lead at CSC, says that in the vast majority of breaches the attackers had been inside the victim’s systems for over 12 months before being detected. We’ll talk more about how to build up your security and what to do once you’ve been breached in our next post.

These are the top six causes of data security incidents last year, according to the second annual Baker Hostetler Data Security Incident Response Report, as reported on

  • 31 percent phishing/hacking/malware
  • 24 percent employee action or mistake
  • 17 percent external theft
  • 14 percent vendor
  • 8 percent internal theft
  • 6 percent lost or improper disposal

In this post we’ll focus primarily on the number one cause; in our next post, we’ll offer security suggestions that address the other five.



No phishing, spear-phishing or whaling

First, a few definitions. You know what phishing is: tricking unknowing victims into handing over usernames, passwords, credit card details and the like, typically with an email that links to a phony website that looks like the real thing – but isn’t. It’s like fishing with a net: no one in particular is targeted, but the scammer figures he’ll catch one or two. Spear phishing is more sophisticated in that the scammer knows something about you, so the email looks quite a bit more authentic; such emails can target all your employees at once, for instance. Then there’s going after the big fish: whaling, which targets executives by name, using their email address, phone number and company name to make the lure convincing and steering them to a phony website that gives the attacker a back door into their systems.
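As an added example (not code from the article or from any tool it names) of the check that catches the trick all three schemes rely on: the visible link text shows one address while the href points somewhere else, or the destination merely resembles a domain the agency trusts. The trusted-domain list and the sample message are constructed for the example; a real deployment would run this over incoming mail before it reaches the sales team.

```python
"""Flag phishing-style links in an HTML email body.

Added example, not code from the article. The trusted-domain list and the
sample message are constructed for the example.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: domains the agency actually does business with (carriers, its own portal).
TRUSTED_DOMAINS = {"examplecarrier.com", "agencyportal.example"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_domain):
    """Lowercase host from a full URL or a bare domain like 'portal.example.com'."""
    s = url_or_domain.strip()
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def looks_like_address(text):
    """True when the visible link text itself reads as a URL or domain."""
    return "://" in text or ("." in text and " " not in text and len(text) > 3)


def edit_distance(a, b):
    """Levenshtein distance: catches one-character swaps such as examp1ecarrier."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `host` imitates, or None if it is genuine.

    A real subdomain (portal.examplecarrier.com) passes. A trusted name buried
    inside a longer host (examplecarrier.com.verify-account.example) or a host
    within two character edits of a trusted one is reported as a lookalike.
    """
    for t in trusted:
        if host == t or host.endswith("." + t):
            return None
    for t in trusted:
        if t in host or edit_distance(host, t) <= 2:
            return t
    return None


def analyze(html, trusted=TRUSTED_DOMAINS):
    """Return one finding per suspicious link: {'href', 'text', 'reasons'}."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = []
        dest = host_of(href)
        if looks_like_address(text) and host_of(text) != dest:
            reasons.append("text shows %s but link goes to %s" % (host_of(text), dest))
        imitated = lookalike_of(dest, trusted)
        if imitated:
            reasons.append("%s resembles trusted domain %s" % (dest, imitated))
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed sample: a "commission statement" lure with two bad links and one genuine one.
SAMPLE_EMAIL = """<p>Your commission statement is ready.</p>
<a href="http://examp1ecarrier.com/login">https://examplecarrier.com/login</a>
<a href="https://examplecarrier.com.verify-account.example/">Review statement</a>
<a href="https://portal.examplecarrier.com/statements">portal.examplecarrier.com</a>
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_EMAIL):
        print(f["href"], "->", "; ".join(f["reasons"]))
```

The first link is reported twice over: the text says examplecarrier.com but the href goes to examp1ecarrier.com, which is one character away from the real domain. The second hides the trusted name in front of an attacker-controlled domain. The third, a genuine subdomain, produces no finding, which is the point: the check must not train staff to ignore alerts by flagging legitimate carrier mail.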

Symantec’s 2016 report mentioned earlier says that last year, 43 percent of spear-phishing attacks targeted small businesses. However, they added, the odds of any given small business (1-250 employees) being hit by a spear-phishing attack are still the lowest of any size bracket: 1 in 40.5. Probably because smaller agencies are still – you guessed it – little fish. Some 91 percent of cyber attacks start with a spear-phishing email, Symantec said. Who’s most vulnerable? Your sales team. Studies show they’re typically the least aware of what a suspicious email looks like, and the most likely to open it and act on it.

When headlines focus on Russia, China and North Korea vying for major company secrets, and on the tens of millions of credit card details and other personal data exposed in breaches, it’s easy to believe that a targeted attack only happens to the big guys. However, no business is too small or too obscure to become a target, and it’s tough to know when cyber attackers have your organization in their sights.


Social engineering mimics you

Think of it as a con game: the con artist studies the victim, gets to know her, and then persuades her to do something she wouldn’t otherwise do, often by convincing her that she’s protecting herself.

It could be anything from being tricked into thinking your computer has been infected with malware (malicious software) or that you’ve accidentally downloaded illegal content – and then the con artist offers you a solution to instantly fix the bogus problem. But the “fix” actually installs the malware, giving the hackers access. The three phishing schemes above fall under this loose category, as does something as simple as an attacker posing as a potential client who leaves a USB thumb drive where you’re sure to find it. You plug it into your computer to figure out who it belongs to, and voilà: you’ve installed malware.

Ransomware holds your agency hostage

Ransomware is malware that encrypts the files and data on a computer (or otherwise blocks access to them) and demands payment for the key, threatening that the data will stay permanently encrypted or be deleted if the ransom isn’t paid by a deadline. For individuals and businesses that don’t consistently back up their essential data, paying up can look like the only option, a recent Claims Journal article explained; even then, payment is no guarantee that the attackers hand over a working key.

Hackers don’t particularly want to destroy or permanently encrypt the data – they just want quick cash. Historically, the ransom demand has been a relatively small amount, to make payment the easier choice: just pay the nuisance sum and get data access restored quickly. When one of your employees unknowingly opens a file or attachment that carries ransomware, it will run on your system and hold it hostage.


Minimize or eliminate your ransomware risk with solid and efficient backup procedures and data restoration plans. With a robust backup system in place, even if your company’s data is encrypted by hackers, that same data is recoverable from your own backup systems. Two caveats matter in practice: the backups have to be kept where ransomware running on an infected machine can’t reach and encrypt them too (offline, or on storage the workstation can’t overwrite), and you have to test restoring from them before the day you need to.
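As an added example (not code from the article or from any product it mentions) of what “recoverable from your own backup” has to mean in practice: a manifest of file hashes stored with the backup lets you verify the backup is intact before you need it, pinpoint which live files were encrypted or renamed, and prove the restore worked. The backup directory here stands in for offline or versioned storage the infected workstation cannot overwrite; the sample agency files and the simulated encryption are constructed for the example.

```python
"""Detect ransomware damage against a hashed backup and restore from it.

Added example, not code from the article or any product it mentions. The
backup directory stands in for offline or versioned storage the workstation
cannot overwrite; nothing below writes to it. Sample files and the simulated
"encryption" are constructed for the example.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir):
    """Map each backed-up file (path relative to backup_dir) to its SHA-256.

    Keep the manifest with the backup: it lets you verify the backup is intact
    and tells you exactly which live files an attacker altered.
    """
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def find_damaged(live_dir, manifest):
    """Compare the live tree against the manifest.

    Returns (changed, missing): files whose content no longer matches the
    backup (encrypted in place) and files that are gone (renamed or deleted).
    """
    root = Path(live_dir)
    changed, missing = [], []
    for rel, digest in manifest.items():
        p = root / rel
        if not p.is_file():
            missing.append(rel)
        elif sha256_of(p) != digest:
            changed.append(rel)
    return changed, missing


def restore(backup_dir, live_dir, paths):
    """Copy the listed files from backup over the live tree; returns the count.

    Run this only after the infected machine has been cleaned or rebuilt,
    otherwise the restored files are simply encrypted again.
    """
    for rel in paths:
        dst = Path(live_dir) / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(Path(backup_dir) / rel, dst)
    return len(paths)


def demo():
    """End to end: back up, verify, simulate an attack, detect, restore, re-verify."""
    work = Path(tempfile.mkdtemp())
    backup, live = work / "backup", work / "live"
    files = {  # constructed agency files
        "clients/smith.txt": b"policy 1001, renewal 2017-03-01\n",
        "clients/jones.txt": b"policy 1002, claim open\n",
        "ledger.csv": b"date,amount\n2016-12-01,450.00\n",
    }
    for base in (backup, live):
        for rel, data in files.items():
            (base / rel).parent.mkdir(parents=True, exist_ok=True)
            (base / rel).write_bytes(data)
    manifest = build_manifest(backup)
    baseline_ok = find_damaged(live, manifest) == ([], [])

    # Simulated ransomware: one file overwritten with ciphertext-like junk,
    # one renamed with a ransom extension. The backup is untouched.
    (live / "clients/smith.txt").write_bytes(b"\x8a\x17\xf3\x00junk")
    (live / "ledger.csv").rename(live / "ledger.csv.locked")

    changed, missing = find_damaged(live, manifest)
    restored = restore(backup, live, changed + missing)
    restored_ok = find_damaged(live, manifest) == ([], [])
    shutil.rmtree(work)
    return {"baseline_ok": baseline_ok, "changed": changed, "missing": missing,
            "restored": restored, "restored_ok": restored_ok}


if __name__ == "__main__":
    print(demo())
```

Running it reports the one file encrypted in place and the one renamed out from under the manifest, restores both, and re-verifies the live tree clean. The design point is that the script only ever reads from the backup location: if a ransomware-infected workstation can write there, it can encrypt the backup as easily as the live files, which is why the backup has to live somewhere the workstation cannot reach.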

In our next post we’ll talk more about how you can beef up security and train employees to spot these schemes before they infect your system, to protect your agency from an insurance cyber attack.


Sources and related reading

Cyberattacks in the Insurance Industry: How to Protect Your Company and Your Clients
Data at Risk Series: How Is the Insurance Industry Stacking Up to Cyber Attacks?
5 types of cyber attacks and how they can affect your business
What are the leading causes of data security breaches?
Is Your Organization Compromise Ready? (BakerHostetler Data Security Incident Response Report)
Ransomware and Cyber Extortion Are on the Rise – What Can Be Done?
Phishing, Spear Phishing, and Whaling