At the risk of sounding cliché: It’s only a matter of time before your insurance business or your clients become victims of a cyberattack.
Read through the full article here: https://www.propertycasualty360.com/2020/12/14/insurance-under-fire-deepfakes-and-cyberattacks-run-rampant/
Additionally, with the advent of remote workforces, cybersecurity becomes the most important asset any insurance company could have. While the exact size of the American remote workforce is debatable, before the COVID-19 virus, 3.6% of the workforce, or approximately 5 million people, were remote, according to Willis Towers Watson. By the end of 2021, that number is expected to reach 42 million employees — an increase of 733%.
The actual number of remote workers is unimportant. What is important is the indisputable fact that the move to a remote workforce has left insurance companies more susceptible to cyberattacks than at any other point in history.
MonsterCloud, the cybersecurity platform provider, says there have been an estimated 4,000 cyberattacks in the United States every day since the pandemic started. These cyberattacks have resulted in major breaches of confidential data. The inevitable consequence is an erosion of trust and customer loyalty — ergo, a direct hit in insurance companies’ bottom line. This also translates into a downward spiral for the U.S. economy as all areas are affected — from the Consumer Confidence Index (CCI) to Wall Street indices.
The insurance industry has seen a major rise in Business Email Compromise (BEC) and advancement in social engineering techniques, such as spear phishing (sending emails that appear to come from a known or trusted sender). According to the FBI, there are generally six types of BEC:
One worrying factor is these messages don’t contain attachments or links to activate the malware. Rather, their biggest weapon is the recipient’s normalcy bias and lack of security awareness. Additionally, the message arrives with a sense of urgency and expeditious action that needs to be taken.
As the insurance-industry workforce relies less on face-to-face communication and increasingly depends on digital communications, what’s to stop a cybercriminal from sending a video creating an insurance company’s CEO and directing employees with false instructions? Or a cybercriminal from impersonating an insurance broker and gathering personal information from a client?
The answer: nothing.
That’s because cybercriminals are well aware that insurance companies possess a trove of customers’ personal and financial information. To make matters worse, it doesn’t even have to be existing customers; these bad actors can target potential customers who reach out to insurance companies for a quote. This puts scammers and fraudsters in an ideal position to steal customers’ identities.
Deepfakes can take the form of video, audio and photo artifacts. They work by leveraging algorithms (deep learning, which means machine learning) and artificial intelligence to create, edit, or modify content in such a way that it appears to be genuine. The intention is to deceive the consumer and obfuscate the truth.
There are a number of things that insurance-company employees can do to protect themselves against these kinds of attacks. Here are three of them:
There is no denying that cybercrime is the greatest threat any company faces in these digital times. The reality that hackers are targeting the insurance industry is worrisome and a burden to insurance companies. But this does not have to be an onerous burden. There are avenues any company can explore so as to safeguard itself against these attacks.
“Eternal vigilance is the price of liberty,” Thomas Jefferson said. That saying applies perfectly to this challenge. The insurance industry must be vigilant and proactive against growing cyber threats.