Ransomware upends the insurance industry. here's how companies can protect against threats

Blogs and Articles

When malware holds a victim's data for a hefty price, it's called ransomware. The most straightforward action, such as an employee clicking on an infected link, downloading malicious software, or forgetting to complete the newest browser update, can trigger this type of attack.

Ryan Humbert
Ryan Humbert
October 12, 20217 mins
Lock pictogram

Hackers use these actions and vulnerabilities to access an organization's sensitive files, documents, photos, customer data, and financial information. Then they hold this data until the company pays the ransom. If an organization cannot or will not pay the hacker's asking price, which can range in the hundreds or thousands of dollars, they risk losing their data or having it released to the public.

Unfortunately, ransomware is rising, hitting more than a third of surveyed organizations already this year. These organizations comprise several industries spanning from hospitals and businesses to schools and local governments. According to a recent report by IT security company Sophos, titled "The State of Ransomware 2021," more than a third of the 5,400 organizations surveyed said they experienced a ransomware attack this year. Cyber attacks were up 400% in 2020. Payment demands were higher than ever, topping $300,000 on average, a 171% increase from the previous year.

Ransomware hackers usually target organizations that rely heavily on private and confidential consumer data, so it makes sense for the insurance industry to stay on guard. Recent large-scale attacks are a constant reminder that insurance providers need to be extremely diligent about cyber protection.

Insurance industry ransomware is increasing in both size and scale

The threat against the insurance industry became crystal clear in March 2021, when a significant ransomware attack hit one of the largest insurance companies in the United States. After an unsuspecting employee downloaded a malicious browser update through a legitimate website, cybercriminals gained access to the company's data, disabled monitoring and security tools, and turned off backups.

Over several weeks, hackers copied sensitive data, including names, addresses, Social Security numbers, and medical information, to a separate location and locked down the insurer's systems.

This attack resulted in what we believe to be the highest payment disclosed to date — a loss of 40 million dollars.

The cyber insurance sector may be a double-edged sword

The rise in ransomware has also increased pressure on the insurance industry that underwrites policies for these specific crimes. To protect themselves from cyber and ransomware attacks, companies purchase cyber insurance. According to the Cybersecurity & Infrastructure Security Agency, cyber insurance coverage protects organizations against a wide range of losses.

Also, these policies' coverage extends to costs "arising from data destruction and/or theft, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud, and privacy violations."

Not only have cyber insurance firms been paying out large sums for coverage payouts, but they've also become the latest targets themselves. Cybercriminals started hacking these insurance providers to gain access to their systems to find out how much coverage companies have and how much they're likely to pay in ransom. This insight gives hackers an advantage in negotiating ransom payments; they can capture client identities and the scope of their coverage for later attacks.

The Insurance Journal reported in July that cyber insurance payouts now exceed 70% of premiums—the breaking point for industry profitability.

The ripple effects of ransomware costs

Already, the increasing attacks are driving up costs for both insurers and their clients alike. The U.S. Government Accountability Office survey revealed that half of the insurance buyers paid between 10% and 30% more for coverage. And some companies have seen premiums rise by as much as 50%.

As insurer profits evaporate and premiums increase, some providers are looking for ways to change their business models. In some cases, they partner with cybersecurity firms to reinforce their clients' protection against attacks to drive down claims.

Prevention is far less costly than remediation for cyber insurance company clients.

IT security company Sophos estimates that even mid-sized companies are paying an average of $170,404 in ransom. But, with a total cost of $1.85 million per attack for lost time, productivity, and business opportunities, it's safer to avoid vulnerabilities altogether.

What can insurers do to protect their data?

The very nature of insurance organizations, financially backing highly valued assets, makes them vulnerable to ransomware attacks. Without direct access to customers' sensitive information, insurance organizations won't be able to operate. To help protect your insurance organization's data, here's how to defend your data:

1. Implement company-wide education programs

  • When it comes down to it, there's no better place to start than training essential cybersecurity for your staff. From recognizing phishing emails to avoiding malware infections, helping unsuspecting employees identify what to look for helps prevent targeted attacks.

2. Be diligent about regular security updates (It's not just building locks anymore)

  • Employee education goes a long way, but it alone cannot solve cyber vulnerability issues. So, ransomware doesn't always rely on someone clicking infected emails or fake program installation links. When organizations haven't updated software or installed patches, they open themselves to security holes that attackers can penetrate.
  • For the best prevention against attacks, deploy automatic and ongoing updates to your users' systems, specifically for antivirus software, operating system patches, browser software, and any browser plug-ins.

3. Use active archiving to back up data

  • Ransomware threats are less compelling if your company backs up all of its data and files. Active archiving continually copies critical data, saving files as they are accessed and keeping them readily available for your team.

4. Keep a golden copy offline

  • Hackers are patient. They often work through your systems for months in advance to infect backups, archives, and current workflow systems. Your company's security specialist can help by setting up processes to regularly generate a series of "golden copy" backups and screening them for infection. These copies should be held offline in a storage system that is physically separate from your working IT infrastructure. That way, you always have clean, uninfected data for ransomware recovery.

5. Delegate your data protection to professionals

  • There are some things you can do yourself but recognize when it's time to hire a professional. With ransomware attacks becoming increasingly complex, firms can find it challenging to keep up with new threats. Luckily, there are professional systems, services, and software to help protect your data, so you don't have to go it alone. Including the services of a professional can help keep your ransomware protection up to date. Further, it can prevent unforeseen costs, frustration, and — possibly worst of all — the reputational risk associated with attacks.

Finding the right ransomware protection partner is key to survival

Ensuring the security of your data backups can go a long way toward neutralizing ransomware threats. And, state-of-the-art archiving prevents attackers from infecting the backup data you'll need to rely on to recover from a breach.

Iron Cloud Secure Offline Storage (SOS) offers cost-effective protection from cyber threats through an air-gapped or offline storage system. You can further protect your data with Vault Lock capabilities, which enables multi-factor authentication.

Ransomware attacks in the insurance industry are increasing both frequency and costliness. Still, good storage and backup practices can substantially reduce the risk.

Learn more about how Iron Cloud SOS and Vault Lock can help keep your data safe here.