Defending Against Ransomware: Safeguarding Insurers and Policyholders Amid Rising Threats

The ransomware problem is reaching crisis levels, and no industry is immune. Insurers need to take steps now to protect themselves and their policyholders.

Understanding Ransomware

Ransomware is a type of malware that denies an organization or individual user access to certain files or destinations within their network. As the name might suggest, the attackers hold your system hostage, requesting a ransom payment in exchange to restore your access. 

By design, ransomware attacks put businesses in a vulnerable position. These attacks are stressful on any level, but if the target is a large enterprise that stores and manages sensitive data on thousands (or even millions) of customers, the consequences can be highly disruptive and costly. 

The Surge in Attacks and Ransom Demands

In a Thales survey of nearly 3,000 IT and security professionals around the globe, 93% believe security threats are increasing in volume or severity. More specifically, they found that the number of enterprises experiencing ransomware attacks increased by more than 27% over the past year. 

The escalating threat of ransomware attacks is displayed by several high-profile incidents in recent months. This includes the attack on Caesars and MGM casinos in September 2023, which shut down the entirety of both companies’ infrastructure. The incident cost MGM an estimated $100 million, and Caesars $15 million, which they decided to pay to the attackers. 

Insurers Are Feeling the Impact

For insurers, the rise in ransomware can hit in two ways. First, cyber insurers are being pushed to their limit as more and more claims are filed, and for larger and larger amounts. Insurance Journal reports that AXA, a global insurance company, has stopped writing cyber coverage that includes reimbursement for ransom payments in France, and other insurers are likely to follow suit.

Second, insurers are also vulnerable to attacks. Hackers often target companies with large amounts of personal or financial data, and insurers have that in spades. According to CNN, a cyberattack in March 2024 on Change Healthcare, a unit of UnitedHealth, disrupted insurance processing at pharmacies across the country, costing certain healthcare providers more than $100 million per day. 

Prompt Payment May Be Making the Situation Worse

As the ransomware crisis worsens, many people are pointing out that the willingness to pay hackers encourages more attacks while funding criminal activities. The FBI has discouraged ransomware payments and the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) previously warned that ransomware payments could violate OFAC regulations.

Nevertheless, companies keep paying, mostly because they feel like they have no other choice. More and more, ransomware hackers aren’t simply encrypting files. They’re also threatening to release them. This means that ransomware victims are very eager to end the attack, even if they have backups.

At the same time, giving into a ransomware demand doesn’t guarantee the safe return of the files. Even worse, Infosecurity Magazine reports that 78% of organizations that pay ransom receive a second attack, oftentimes by the same culprit.

Prevention Is the Only Solution

Once a company is hit by a ransomware attack, there are no ideal options. Whether or not the company pays, the damage has already been done.

Prevention is the only good solution. All companies must make sure their systems are as secure as possible, and this is especially true for insurance companies and other companies that possess valuable personal and financial data.

Focus on Secure Hosting

Your hosting choices matter and now, the stakes are becoming even higher. This is not the time to try to reinvent the security wheel in-house. Instead, it’s important to rely on the full security force of tried-and-true systems. This is why we recommend secure hosting with MS Azure.

The security stance of your core system partner also matters. Insuresoft’s practices, policies, procedures, and operations meet the SOC 2 standards for security, availability, processing integrity & confidentiality.

Segment Networks

A number of cybersecurity experts recommend insurers practice network segmentation, which can help mitigate losses and exposure if an attacker is able to breach the system. Under this strategy, implementing the principle of least privilege can limit attacks by preventing lateral movements throughout the system. So, even if a cybercriminal bypasses system security, they will only gain access to a small subnet, not the entire network. 

Conduct Thorough Employee Training

Sometimes, your best defense will be well-trained employees who know how to spot suspicious activity and breach attempts, and know which protocols to follow to escalate the situation. In the current threat landscape, cybersecurity education should be an integral part of your employee training, not just an afterthought. Since attackers’ tactics continually evolve, you must regularly update staff with the latest techniques and methods they’re using to keep their skills sharp. Human error is an unfortunate yet prevalent factor in ransomware attacks, so it’s up to you to ensure your employees are well-prepared to handle malicious actors. 

6 Ways to Protect Policyholders

When an insurer is targeted by a ransomware attack, they risk exposing both their own corporate data and the private information of their policyholders. In these unfortunate scenarios, insurers can experience a hit to their reputation, a loss of policyholder trust, and possible fees or penalties from regulatory bodies for their inadequate data privacy practices. To protect policyholders from the effects of ransomware or any other cybersecurity incident that could put their information at risk, the following are some of the measures insurers can take. 

1. Employ Data Back-Ups

To prevent costly disruptions and lost service to policyholders, like in the Change Healthcare case, insurers should implement robust data backup recovery procedures. This way, they can ensure critical data will be quickly and effectively restored in the event of a ransomware attack or data loss. Plus, another added benefit is insurers may feel less pressured to pay the ransom if they have alternative access to the captured data. 

2. Ensure Regulatory Compliance

Depending on the line of business the insurer deals with, they may be subject to various data security regulations such as GDPR or HIPAA. It’s always best practice to implement security frameworks and policies that abide by these standards and avoid possible penalties for noncompliance. However, in the face of rising ransomware threats, it’s even more relevant to do so. 

3. Implement Data Encryption

Advanced data encryption can protect policyholder data whether it’s in transit or being stored on the network. When encrypted, unauthorized users who don’t have the proper encryption key are unable to view the data. So, even if there is a system breach, the encrypted data will remain secure. 

4. Proactive Incident Response Planning

In the unfortunate case that an insurer does get hit with a ransomware attack, they shouldn’t be caught unprepared. Acting quickly can help prevent data loss and mitigate potential exposure. This falls partly under employee training, as it can be helpful to regularly run through potential scenarios with staff to test the effectiveness of the incident response plan.

5. Educate Policyholders

Just like it’s important to train employees on the latest trends and developments in the cybersecurity space, you can provide similar education to policyholders to help them stay protected online. Policyholders may be even more unaware of ransomware threats depending on their line of work, so consider running dedicated campaigns promoting online safety, best practices for keeping accounts secure, and other tools and resources to keep them well informed. 

6. Get Cyber Insurance Coverage

Lastly, insurers may consider obtaining cyber insurance coverage to provide financial protection in the event of ransomware attacks, social engineering attacks, data breaches, or other cybersecurity incidents. Depending on the policy, this might include coverage for legal expenses, fines, and ransom payments, allowing insurers to take the necessary means to secure policyholder data. 

Emerging Challenges and Future Outlook

The frequency of ransomware attacks has increased sharply over recent years, with similar trends expected to continue as businesses become increasingly digitized. Technology continues to rapidly advance, which only enables cybercriminals to engage in more sophisticated attacks. Thus, insurers need to constantly refine and improve their security frameworks to prevent possible vulnerabilities that hackers can exploit. 

The stakes are rising specifically for insurers, with Deloitte noting that “Cyber-criminals have started to recognize that insurers possess large amounts of personal information about their customers, which is very attractive to fraudsters.”

Insurers have to be a caretaker of customer data, and as security concerns grow, many insurers are choosing Insuresoft as their core platform and engine of growth. While cybersecurity threats only grow more sophisticated, Insuresoft can be your trusted partner to help you embrace the benefits of digital transformation with the confidence that your and policyholder’s data is kept secure within our system.