The insurance industry, a critical pillar of the financial sector, is increasingly vulnerable to cyber threats. According to SecurityScorecard’s latest report, 59% of breaches in the top 150 insurance companies stemmed from third-party attack vectors. These findings highlight an urgent need to reassess cybersecurity strategies, particularly concerning third-party risk management (TPRM).
The Growing Cyber Risk Landscape in Insurance
The insurance ecosystem is inherently interconnected, with carriers, reinsurers, brokers, claims processors, and IT vendors all playing crucial roles. However, this interdependence also introduces significant security risks. Andrew Correll, Senior Director of Cyber Insurability, emphasizes that “cyber risks don’t stop at the first layer of defense — they extend deep into the supply chain, where vulnerabilities are harder to detect and even harder to mitigate.”
Key statistics from the report include:
- 28% of insurance companies reported breaches, a figure higher than the S&P 500 average of 21% and double the U.S. energy industry’s 14%.
- 59% of breaches involved third-party attack vectors, exceeding the global cross-industry average of 29%.
- Insurance carriers, despite comprising only 27% of the sample, accounted for 50% of third-party incidents.
- More than half (56%) of companies experienced at least one compromised credential in the past two years.
- 17% of companies faced malware infections and device compromises in the last year.
- The lowest-scoring cyber risk factors included application security, DNS health, and network security.
Strengthening Third-Party Risk Management
Given the high rate of third-party breaches, insurance companies must take a proactive stance on cybersecurity. The SecurityScorecard STRIKE team suggests several key measures:
Strengthen Third-Party Risk Management for Insurance Carriers
Insurance carriers should conduct regular security assessments of third-party vendors and implement stringent access controls to reduce vulnerabilities.
Ensure Vendors Have Their Own TPRM Programs
Cyber risks extend beyond direct third parties to fourth-party vendors. Organizations must ensure that their partners also maintain robust security protocols.
Avoid Paying Ransomware Demands
Paying ransoms emboldens cybercriminals and does not guarantee data recovery. Instead, companies should invest in robust incident response plans and secure backups.
Conclusion
The latest findings on cybersecurity risks in the insurance sector underscore the urgent need for a more rigorous approach to third-party risk management. The interconnected nature of the industry means that a weak link in the supply chain can lead to significant financial and reputational damage. By adopting stringent cybersecurity measures and reinforcing vendor risk assessments, insurance companies can safeguard sensitive financial and personal data while maintaining policyholder trust.
About COE Security LLC
At COE Security LLC, we specialize in helping businesses fortify their cybersecurity posture and achieve compliance with industry regulations. Our expert team provides comprehensive solutions to address third-party risk, secure critical data, and prevent cyber threats. Partner with us to strengthen your cybersecurity framework and protect your organization from evolving threats.