The threat of cyber attacks against insurance agencies is very real. The nature of cyber attacks should be particularly alarming for small businesses. Small businesses do not have the resources large corporations may have when managing the consequences of a data breach. Let’s face it, corporate giants do not suffer the trauma of a cyber compromise in the same way a small business does.


Additionally, there are some industries that we expect to be more prepared for cyber intrusions based upon the nature of their business. An example is when breaches occur against technology firms. Whether consciously or subconsciously, our thoughts often include: “They should have known how to protect themselves better!” and “Can I trust this product any longer?” We tend to hold them to a higher standard than we do non-tech-focused businesses.

Across the board, cyber breaches are increasing. One can open an online news forum and see where a cyber attack has been successfully launched on a business or corporation.

As in other industries, the risk of cyber attacks against insurance agencies is very real!

Insurance Agencies Are Targets For Cyber Attackers

Why would a cyber-thief want an insurance agency’s records? The insurance agency is a target-rich environment. It possesses a lot of very sensitive information. Insurance agencies keep or have access to Social Security Numbers and Tax ID numbers. Addresses, phone numbers, and household or business information are also readily available. Information about family members, wealth and earnings may also be at its disposal. Real property asset values can further incentivize fraud seekers.

Today, there are numerous vulnerabilities for the average small to medium sized insurance agency. Remote computing, mobile device security, using public Wi-Fi, business and personal email accounts, USB storage devices and, of course, using your teenager’s computer are but a few examples. Further, these examples include only the end user scenario. We haven’t addressed the onsite network, such as an under-protected company network, or the cloud, where you may be accessing cloud resources like Hawksoft without rules to keep device-to-cloud data transmission secure.

Insurance Agencies understand the risks associated with inadequate coverage

Clients generally expect to be warned regarding a lack of adequate coverage or potential areas of exposure. While the buyer may have a sense of being upsold, they also understand that this is their insurance and not a smartphone package. The stakes are not equal. Of course, whether they act upon the warnings or not is another matter. Should there be a loss associated with an area of risk they were forewarned about, it may lead to greater credibility on the part of the underinsured toward his insurer.

In kind, an insurance agency should actively know the risk it is taking with its clients’ data. It is reasonable to assume that insurance agencies are getting the proper protection, which leads to my next point.

Insurance Agencies Should Be Viewed As Protected

Insurance agencies are one of those industries from which we tend to expect a higher level of security. As consumers, we feel more vulnerable when very personal information may be compromised than when credit cards are compromised. If my insurance firm is hacked, what does that mean for the insurance policies I have with them? And can I continue to trust them with my information?

“The key is to invest in robustly secure information technology…

What should your agency do?

Forbes Magazine has some very insightful information in their Dec. 2019 online magazine.

The key to reducing the probability of a cyber attack is to get and stay protected. And start on it today:

  • Ensure you are behind a firewall that is monitored and regularly patched against the latest threats.
  • Keep patching up to date. Ensure that all antivirus (AV) and anti-ransomware (AR) products are patched and on every device, including smartphones and remote worker computers. If your remote worker is using his/her own device for work, either purchase a company product or pay for the AV/AR. It’s cheaper than a breach.
  • Filter all incoming and outgoing email communications. Yes, even outgoing email messages! If you get breached, why pass it along to your clients?
  • Encrypt all data. Notice the period! That means data in transit, that is, data moving to or from any source (including Internet-based line-of-business applications), and data at rest, that is, data on a server, computer/laptop, storage device, backup media, etc.
  • Have a cybersecurity incident response document. Let’s hope you are never compromised! But if you are, the best way to reduce the damage is to know what to do in the event of a compromise.
  • Keep staff trained on basic Internet security. Don’t exchange passwords via email. Don’t open email from a suspicious sender. I also discourage the use of personal USB storage devices and personal email accounts.
  • Get checked! You get a physical every year to be sure you’re staying healthy – even if you’re feeling healthy. Do the same for your network.



Netvolutions Technology Group is an Independent Technology Firm located in Southern California. They are dedicated to the specific technology and security needs of the Small and Medium Size Business community.