Cybercrime and your insurance agency

3 Insurance businesses that exposed client data + 2 ways you can help prevent your agency from being next

By Bri Cappella, Integrated Marketing Specialist on January 18, 2019

There were 16.7 million victims of identity fraud in 2017. Avoid simple mistakes that will put your insurance clients at risk.

Do you have spreadsheets with your client’s names, addresses and phone numbers? What about internal systems within your agency that house sensitive client information? Cloud storage on your phone? Amazon Echo in your home? Insurance agents and agencies use technology as a tool to improve customer experience and relationships, and this could make you a target for cybercrime.

Wondering how technology can help your agency? Learn more. >>>

A recent survey found that cyber security is the #2 concern across businesses of all sizes. In fact, 52% of the respondents believe that suffering a cyberattack is inevitable. However, most of the respondents have not taken adequate steps to protect themselves.

Think about the last time a major data breach made headlines. Recall a scenario where a client had a cyber-related claim. (Maybe even a time when you were the unfortunate victim of identity theft). Cybercrimes happen so frequently that they no longer surprise us. We know the risks and we know it could happen to anyone. But that doesn't mean we've actually taken steps to safeguard our data.

Deloitte, a group of independent firms, shares the stories of 3 insurance companies who were impacted by a cyber attack:

1. What happens when you don't follow best practices. An insurance and financial services firm specializing in serving seniors was attacked by cyber criminals when they identified vulnerabilities in the company's systems. The attackers stole credit card information of more than 93,000 customers — including names, addresses and unencrypted card security codes, with the goal of selling the information on the black market and committing fraudulent transactions. The company fixed the issue and issued a formal apology, however they were strongly criticized for keeping unencrypted security codes.

2. Being part of a big network can bring big cyber risks. A group of insurance and financial companies were compromised when a cybercriminal hacked into the network used by all of its members. More than one million customers and sales prospects had their information stolen, including driver's license and social security numbers, and the data was sold for identify fraud. The group had to reimburse all damages that resulted from the break, supply free credit monitoring for their customers and suffer a loss of trust from its customers.

3. When an insurance company is targeted. An insurance and investment company was targeted by cyber criminals who sent their employees e-mails containing malicious software to capture confidential data. This information was then used to comprise several of the company's servers in order to gain access to online banking information for financial gain. This event impacted a very small amount of people, but it still received media attention that impacted they company's reputation.

The average cost of data breach was $3.86 million globally in 2018. But these examples show that the initial cost of damage is just the tip of the iceberg for agents and agencies. A breach in data is a breach of trust — and that's what insurance business is built on. So, if you're not going to protect your data for yourself, do it for your clients, reputation and business.

Cyber Security Tips for Insurance Agents

Here are 2 ways you can help protect your client data today:

1. Know what you're up against.

Cyber security for insurance agents can differ depending on the software and platforms they use. Cyberattacks can typically be broken down into two categories: crimes where the goal is to disable the target and those where the goal is to access the target’s data. According to CSO, these are the most common techniques that cyber criminals are currently utilizing:

  • Malware. Malicious software that is designed to damage systems. Worms, viruses and Trojans are all types of malware and 92% of malware is delivered by email.
  • Phishing. There are roughly 156 million phishing emails sent globally every day. Phishing emails that trick users into taking a specific action, like submitting sensitive information or downloading malware.
  • Denial of Service Attacks. A maneuver to stop something from working properly, for example, shutting down an entire website. This is often used as a tactic to hold the services of a company for ransom.
WATCH: 4 ways to help protect yourself from being a victim of ransomeware. >>>
  • "Man in the Middle" Attacks. Cyber criminals put themselves between a user and the service they're accessing. For example, criminals pose as a known WiFi account and collect the data people submit while they're surfing the web.
  • Cryptojacking. Attackers gain access to a victim's computer to generate cryptocurrency.
  • Structured Query Language (SQL) Injection. Malicious codes are entering into the back-end of data-based websites and applications. This is how criminals will typically gain access to an entire database.
  • Zero-Day Exploits. Hackers identify vulnerabilities in software and use that knowledge against all of the software's users.

2. Share best practices, and use them.

Designate someone in your agency to share IT security updates with your team, like a weekly tip and notifications about current scams. And post best practices around the office for reminders. *Added bonus, these tips will be great to share with your clients, too!*

Here are a few tips from Cybint News to get you started:

  • Be password smart. Make your password more than eight characters long, and use a strong mix of letters, numbers and special characters. Don't use the same password for multiple sites and definitely don't post your password on a sticky-note attached to your device.
  • Keep your devices safe. Never leave any of your devices unattended, including flash drives or external hard drives. If you do plug devices into your computers, use caution — this is an easy way for criminals to install malware on your devices.
  • Use your own networks. Don't do sensitive browsing on a device that doesn't belong to you or one that is on public WiFi.
  • Don't share too much. From social media to phishing emails, the smallest amount of information (like your employer) can give criminals a shocking amount of leverage. If someone asks you for information, it's okay to say "No," and call the company directly to verify credentials.
  • Be careful what you click. Links aren't always what they appear to be — hyperlinks and a small change in URL can take you anywhere online.

As the world of insurance continues to go digital, the technology we use will advance and our cyber security risks will change. But one thing that will stay the same is our continued commitment to our clients — including their rights to privacy and secure data. Without that commitment, trust will be lost. And a loss in trust is a loss of business. 

 3 Ways to Build a Positive Online Reputation


Bri Cappella, Integrated Marketing Specialist

Bri is an over-enthusiastic dog mom, pop culture fanatic and Instagram addict. She enjoys eating pizza, practicing yoga and hiking.


The information contained in this blog post is intended for educational purposes only and is not intended to replace expert advice in connection with the topics presented. Glatfelter specifically disclaims any liability for any act or omission by any person or entity in connection with the preparation, use or implementation of plans, principles, concepts or information contained in this publication.

Glatfelter does not make any representation or warranty, expressed or implied, with respect to the results obtained by the use, adherence or implementation of the material contained in this publication. The implementation of the plans, principles, concepts or materials contained in this publication is not a guarantee that you will achieve a certain desired result. It is strongly recommended that you consult with a professional advisor, architect or other expert prior to the implementation of plans, principles, concepts or materials contained in this publication.

This blog post may contain the content of third parties and links to third party websites. Third party content and websites are owned and operated by an independent party over which Glatfelter has no control. Glatfelter makes no representation, warranty, or guarantee as to the accuracy, completeness, timeliness or reliability of any third party content. References to third party services, processes, products, or other information does not constitute or imply any endorsement, sponsorship or recommendation by Glatfelter, unless expressly stated otherwise.

Related posts

ChatGPT is a game-changer in insurance. Find out ways insurance agents are using it to enhance their work, as well as its pros and cons.

Continue Reading

The more that you, your agency’s employees and your clients know about cybercrime and red flags, the better.

Continue Reading

Let’s talk about what it means to have an accessible website and why it’s so important for your insurance agency.

Continue Reading

Submit a Comment