Avoiding inside jobs on the cybersecurity entrance

As cyber threats proceed to evolve, insurance coverage firms face an rising danger not simply from exterior attackers however from inside their very own ranks. Insider threats – whether or not from present or former staff, contractors, or others with entry to delicate data – pose a novel problem to cybersecurity efforts.

Insider threats are an usually missed however vital cyber danger for insurance coverage firms, in keeping with Sean Plankey (pictured), international chief of cybersecurity software program at WTW. Whereas exterior cyber assaults continuously make headlines, insider threats – stemming from people with entry to inner methods and knowledge – may be equally or extra damaging on account of their privileged data of inner processes. These threats pose severe cybersecurity dangers to insurers, requiring efficient mitigation methods to reduce potential hurt.

Plankey mentioned that insider threats contain cybersecurity dangers from people who’ve, or as soon as had, approved entry to an organization’s methods, knowledge, or bodily premises. This group consists of present or former staff, contractors, and different events with insider data.

Insider threats may be both intentional, pushed by monetary acquire, revenge, or ideological motives, or unintentional, the place negligence or social engineering compromises safety. Within the insurance coverage sector, delicate buyer data, proprietary algorithms, and monetary knowledge are in danger, with insider threats manifesting in varied methods, akin to unauthorized entry to databases or manipulation of monetary information.

A 2024 Verizon Information Breach Investigations Report discovered that 35% of knowledge breaches have been brought on by insiders, highlighting the prevalence of this challenge throughout industries, together with insurance coverage.

Plankey famous that insurers are notably susceptible because of the huge quantities of non-public and monetary knowledge that staff and contractors deal with. The misuse or unauthorized disclosure of such data can result in identification theft, fraud, and vital monetary losses, each for the insurer and its prospects.

There have been notable instances the place insider threats impacted insurance coverage firms. As an example, in 2018, a former worker at a significant insurance coverage agency was convicted of stealing confidential consumer knowledge, together with Social Safety numbers and different delicate data. The worker supposed to commit identification theft and tax fraud, inflicting reputational harm for the insurer.

In one other case, a claims adjuster altered claims information to inflate funds, resulting in substantial monetary losses earlier than the fraud was uncovered. These incidents illustrate how insider threats can exploit weaknesses in insurers’ methods.

To mitigate these dangers, Plankey emphasised the significance of proactive and multi-layered cybersecurity methods for insurance coverage firms. Key measures embody implementing entry controls primarily based on the precept of least privilege, the place staff can solely entry data obligatory for his or her roles.

Common monitoring and auditing of system exercise can detect uncommon conduct early, whereas worker cybersecurity coaching is essential in fostering consciousness of finest practices and the results of insider threats.

Enhancing knowledge safety by encryption and knowledge loss prevention applied sciences, together with recurrently updating safety protocols, are additionally important steps in lowering the chance of insider threats. Insurance coverage firms, Plankey suggested, should take these precautions to guard delicate data, safeguard monetary belongings, and preserve buyer belief.

Whereas insider assaults within the insurance coverage business could also be underreported on account of confidentiality issues, the potential for monetary and reputational harm underscores the necessity for robust cybersecurity measures.

By implementing complete safety controls and fostering a tradition of cybersecurity consciousness, insurers can higher defend in opposition to insider threats and defend their belongings in an more and more digital world.

What are your ideas on this story? Please be at liberty to share your feedback beneath.