A brand new report from Black Kite reveals all the sector could also be ripe for ransomware assaults.
Whereas most individuals wouldn’t consider the insurance coverage sector as a spotlight for cyberattacks, new findings present that the business could have a severe safety downside. The just lately launched Cyber Insurance coverage Danger in 2022 report from Black Kite reveals that 82% of the most important insurance coverage carriers are the main target of ransomware assaults from cyber criminals.
The report, which examines rising cyber threat issues and ransomware susceptibility within the insurance coverage sector, discovered that 20% of the highest 99 insurance coverage carriers have a excessive price of vulnerability to ransomware. As well as, the frequency of software program provide chain assaults have been sharply on the rise, as the speed of hacks have elevated by 300% within the final yr alone.
“The sheer quantity of information generated within the insurance coverage business makes the hassle extra worthwhile to cybercriminals,” mentioned Jeffrey Wheatman, senior vp and cyber threat evangelist at Black Kite. “Insurance coverage corporations are typically bigger organizations that may’t afford downtime. Think about the outrage if a healthcare insurer couldn’t pay claims or approve medical remedies for an prolonged interval. Because of this, they’re extra more likely to pay a ransom. Not all assaults are focused, nevertheless. Typically cyber criminals simply get fortunate. If new malware is launched, it’s a matter of low-hanging fruit.”
Cyber crime is worthwhile, and insurance coverage is prepared to pay
In keeping with the report, ransomware assaults should not solely growing of their frequency and effectiveness, but additionally their profitability. As Wheatman alludes to, most corporations within the insurance coverage enterprise are prepared to easily pay a ransom to retrieve their knowledge and keep away from service outages. Per Black Kite’s findings, malicious cyber teams are cashing in, as the most important ransom paid thus far by an insurance coverage firm totaled $40 million, with the typical ransom coming in at $130,000.
“When requested why he robbed banks, notorious financial institution robber Willie Sutton answered, ‘as a result of that’s the place the cash is’. This similar sentiment applies to the insurance coverage sector and why it’s a goal for cybercriminals–as a result of that’s the place the info is,” Wheatman mentioned. “Cybercrime is a really profitable enterprise. It’s being taken over by skilled criminals which have extra money to take a position. AI has made attackers more practical, and the power of regulation enforcement to go after cybercriminals, whereas higher than it was, nonetheless leaves a lot to be desired.”
SEE: Google Chrome: Safety and UI suggestions it’s essential to know (TechRepublic Premium)
Per the report, 100% of insurance coverage underwriters surveyed indicated that ransomware and provide chain assaults have been amongst their top-three greatest issues from a risk standpoint. Though cyber insurance coverage in opposition to hacks can be found, it may be extraordinarily dear if an organization is affected. Whereas this may occasionally assist defend companies in opposition to downtimes and canopy misplaced earnings, the premiums can skyrocket as quite a few claims start to be filed. The quantity misplaced in damages is starting to exceed the estimates for insurance coverage insurance policies, placing corporations in a troublesome place relating to threat evaluation.
To make issues even worse, the report discovered that insurance coverage corporations are additionally susceptible to phishing assaults. Of the businesses analyzed, 82% of insurance coverage corporations are vulnerable to one of these assault, signaling a necessity for the business as a complete to reevaluate its safety insurance policies and procedures.
Methods insurance coverage corporations can shore up cybersecurity
Black Kite presents two principal suggestions for corporations within the insurance coverage sector to assist keep away from cyberattacks:
- Evaluate your threat portfolio on a steady foundation
- Carry automation into the underwriting course of
By conducting fixed evaluations in threat evaluation, organizations can diagnose the place potential vulnerabilities could lie of their methods. A lapse in these processes may be pricey, so it’s endorsed that these working in cybersecurity for insurance coverage corporations and continually updating insurance policies to keep away from falling sufferer to the subsequent huge assault. Cyber threat assessments can also provide options similar to real-time assault floor monitoring, permitting for companies to at all times be on-guard and prepared for potential ransomware and phishing assaults.
“Organizations which have extra threat publicity and fewer efficient threat administration packages usually tend to fall sufferer to cybercriminals preferring the ‘let’s toss something in opposition to the wall and see what sticks’ assault makes an attempt,” Wheatman mentioned. “For organizations that depend on insurers instantly or not directly, it’s essential to grasp in real-time the place the third-party exposures are and talk the enterprise affect earlier than it turns into an issue.”
The automation of the underwriting course of may help these in insurance coverage relating to defending delicate knowledge via use of cyber threat rankings platforms. These platforms can take the onus off of the corporate to keep away from assault via externally-facing knowledge from open-source intelligence assets. The automated processes then filter out the outcomes via use of dashboards and studies, permitting organizations to make efficient cybersecurity selections as wanted.