Avoiding internal operations on the cybersecurity front

As cyber threats continue to evolve, insurance companies face increasing risk not just from outside attackers but from within their ranks. Insider threats — whether from current or former employees, contractors, or others with access to sensitive information — pose a unique challenge to cybersecurity efforts.

Insider threats are an often overlooked but critical cyber risk for insurance companies, according to Sean Plankey (pictured), global leader of cybersecurity software at WTW. While external cyber attacks often make headlines, internal threats – from individuals who have access to internal systems and data – can be equally or more damaging due to their specialized knowledge of internal processes. These threats pose a significant cyber security risk to insurers, requiring effective mitigation strategies to minimize potential harm.

Plankey said insider threats include computer security risks from people who have, or have had, authorized access to a company's systems, data, or facilities. This group includes current or former employees, contractors, and other organizations with inside information.

Insider threats can be intentional, driven by financial gain, revenge, or ideological goals, or unintentional, where negligence or social engineering jeopardizes security. In the insurance sector, sensitive customer information, proprietary algorithms, and financial data are at risk, with insider threats manifesting in a variety of ways, such as unauthorized access to databases or falsification of financial records.

Verizon's 2024 Data Breach Investigation Report found that 35% of data breaches were caused by insiders, highlighting the prevalence of this issue across industries, including insurance.

Plankey noted that insurers are particularly vulnerable due to the large amount of personal and financial data handled by employees and contractors. Misuse or unauthorized disclosure of such information can lead to identity theft, fraud, and significant financial loss, both to the insurer and its customers.

There have been notable cases where insider threats have affected insurance companies. For example, in 2018, a former employee at a major insurance company was convicted of stealing confidential client data, including Social Security numbers and other sensitive information. The employee intended to commit identity theft and tax fraud, causing damage to the insurer's reputation.

In one case, the claims adjuster altered claims records to inflate payments, leading to significant financial losses before the fraud was discovered. These incidents show how insider threats can exploit weaknesses in insurance systems.

To mitigate these risks, Plankey emphasized the importance of multi-layered cyber security strategies for insurance companies. Key steps include implementing access controls based on the principle of least privilege, where employees can only access information necessary for their jobs.

Regular monitoring and evaluation of system activity can detect unusual behavior early, while employee training in cybersecurity is essential for promoting awareness of best practices and the effects of insider threats.

Improving data protection with encryption technology and preventing data loss, as well as regularly updating security policies, are important steps to reduce the risk of insider threats. Insurance companies, Plankey advises, must take these precautions to protect sensitive information, protect financial assets, and maintain customer trust.

While insider attacks in the insurance industry may be underreported due to privacy concerns, the potential for financial and reputational damage underscores the need for strong cyber security measures.

By implementing comprehensive security controls and fostering a culture of cybersecurity awareness, insurers can better protect against insider threats and protect their assets in an increasingly digital world.

What are your thoughts on this matter? Please feel free to share your comments below.