
The interconnected nature of the insurance industry—linking carriers, brokers, claims processors, and IT providers—creates an expanded attack surface for cybercriminals. According to research from SecurityScorecard, third-party risks have become a significant concern, with insurance carriers disproportionately affected. Although carriers made up only 27% of the study sample, they accounted for 50% of third-party-related breaches.
Additionally, over a quarter (28%) of insurance companies reported a breach, a rate higher than the S&P 500 average (21%) and double that of the U.S. energy sector (14%). Other common security issues included compromised credentials (56% of companies in the past two years) and malware infections (affecting 17% last year). The lowest-rated security factors in the sector were application security, DNS health, and network security.
Experts recommend that insurers enhance third-party risk management, ensuring vendors have strong security measures in place to mitigate fourth-party risks. The report also advises against paying ransomware demands, as doing so can encourage further attacks without guaranteeing data recovery.