Why Insurance Brokers Need a Proactive Cybersecurity Program
March 31, 2022
As insurance brokers and wholesalers immerse themselves in the ongoing digital transformation their clients expect, they rely more heavily on remote solutions to provide services to customers and complete daily tasks.
Despite the benefits, that dependence increases the risk of an agency becoming exposed to a cybersecurity attack. As brokers selling cyber-intrusion policies understand, cybersecurity insurance may help insureds mitigate some of their losses, but it doesn’t do much to help organizations take a more proactive approach to preventing attacks in the first place.
For that reason, agencies, just like their client base, should also invest in building a robust cybersecurity program that puts them in a position where they have proper preventative measures in place.
While clients may end up paying higher premiums because they lack adequate protection against breaches, the public perception of a breach occurring at your agency can make prospects and current clients think you don't take data privacy seriously.
In addition, you can incur additional expenses from business losses and lawsuits. Those resulting headlines could cost you the trust of clients and customers, impacting your organization’s ability to continue writing new business.
What Kind of Cybersecurity Threats Do Brokers Face?
Insurance companies maintain a lot of data about policyholders, including financial information, personal health information (PHI), and personally identifiable information (PII). Because of that, they’ve become ripe targets for cybercriminals looking for vulnerable assets to exploit.
There are several different methods typically used by hackers to gain access to information held by insurance companies:
1. Social Engineering
In many instances, companies find themselves put at risk by their employees. Some reports say 95% of cybersecurity breaches are caused by human error.
For example, a cybercriminal might track workers' social media activity to pick up clues that help work out their login credentials. In other instances, they may send emails purporting to be from a partner insurance carrier listed on your website, asking an employee to provide sensitive information. If the employee responds, the attacker has what they need to cause havoc within an insurance broker's systems.
2. Outdated Software
Many bad actors periodically look for weaknesses in the external software used by insurance brokers and agencies. For example, if a web developer built a website with a component that contained a vulnerability, an attacker could use it to get inside an insurance company’s networks. To prevent these attacks, companies must stay on top of any necessary software patches, whether through their IT teams, an outsourced Managed Service Provider (MSP), or automated patching like we have built into Havoc Shield.
3. Poor Cloud Architecture
Many insurance companies have started shifting their data access and storage to cloud technology. However, if there are issues with the architecture or security protections, it can represent a ripe opportunity for cybercriminals.
They may take advantage of the weakness to launch a Denial of Service (DoS) attack or try to hijack the account. If they manage to find a way in, online intruders can get into your organization’s PII and PHI data while blocking your employees' access to it.
4. Use of Third-Party Services
Many companies use third-party software for services like payment processing or specific insurance-related tools.
Without adequate protections, cyber pirates can use malware to hijack information like credit card numbers and social security numbers when your company processes transactions.
For that reason, insurance companies must take the time to create security precautions for working with third-party vendors. In addition, your organization should have a complete understanding of the security protocols each third-party vendor has in place.
5. Poorly Maintained Hardware
Hardware maintenance is essential to creating a robust cybersecurity framework. When companies make the mistake of assuming that hacking threats only emerge from software vulnerabilities, they could potentially neglect critical updates to their hardware. Attackers can exploit weaknesses in outdated hardware that might be difficult for your IT team to update. With the growth of remote work and Bring Your Own Device (BYOD), managing devices remotely is another cybersecurity challenge brokers must face.
How Can a Proactive Cybersecurity Program Help?
Coming up with a one-size-fits-all approach to tackling cybersecurity threats can be a challenge. However, there are some common considerations insurance brokers can address with a proactive cybersecurity program like Havoc Shield, which can also be offered to clients as added-value protection:
- Implement periodic risk assessments — Conducting regular risk assessments helps you identify and gauge future threats that might harm your brokerage. Use risk assessments, like vulnerability scans, to establish the likelihood of an attack happening and the impacts on your business. That way, you can figure out how to lower the chances of a cyber breach.
- Set up network firewalls — Firewalls are hardware devices or programs that review your network traffic and put up barriers to attackers. For example, many brokers have employees using devices connected to a shared network. Having firewalls in place protects those internet connections and provides defenses against hackers looking for security weaknesses.
- Establish a security culture — Broker producers and staff should understand the threat to their organizations from potential cyber breaches and the resulting fallout that could occur. In addition, laws like HIPAA set out strict regulations on the protections insurance companies must have in place. NYS's Department of Financial Services is leading the way with strict compliance regulation for the industry. For those reasons, everyone within your organization must play a part in safeguarding sensitive data.
- Conduct periodic security testing — Your cybersecurity program should have a plan in place for regular testing of different vulnerabilities. That way, you can develop strategies to address them before they become a portal for a data breach.
- Monitor website security — Because many insurance companies use online portals to communicate with insureds and providers, they should regularly test and monitor those outlets. That way, you can look for any software errors or other issues that might make them a target for cyber attacks. After each new release, ongoing monitoring and testing help protect your website from exploitation.
Protection and Added Value with Havoc Shield
Protecting your own house is key as you sell business and cybersecurity policies to clients. Showing prospects you take data security seriously goes a long way toward building trust and writing more lines of coverage.
In addition to having an all-in-one platform that can protect YOUR agency, we've built tools specific to the insurance industry that simplify applications while aligning carrier questions with a program to mitigate cybersecurity risks.
This program can be an added-value sell while binding more cybersecurity policies.
To learn more about how Havoc Shield can help you protect your data while adding value and binding more business, grab a demo of our insurance products today.