Since 2018 cyberattacks on insurers have more than doubled, and issues continue to mountSurvey conducted by Accenture Financial Services shows the serious and immediate dangers of cyber breachers, and the importance of cyber security. Access full report here.
Since our last cyber resilience survey in 2018, cyberattacks on insurers have more than doubled (from 240 to 519 attacks, on average), illustrating the current cyber climate for insurers: It’s volatile.
Accenture’s State of Cyber Resilience for Insurance report presents both good and bad news amid the volatility, and reinforces our concern that, in 2018, insurers’ cybersecurity efforts were often “buying time” against threats that now are rising.
The good news? Breaches against insurers are down 42 percent since our last survey. Our survey finds some of the “nuisance” attacks—those resulting when cyber attackers commoditize their attack toolsets—are less effective as insurers have learned to fend these off via increasing password complexity requirements and two-factor authentication strategies.
Insurers have had some successes in strengthening their cyber resilience.
- Successful breaches dropped by 42%, from 52 breaches on average in 2018 to 30 breaches now.
- Previously, only 9% of insurers could detect a security breach within 24 hours. That number is now 32%
- In 2018 only 33% of insurers could remediate a breach in 30 days or less. Today that number is 72%
The Less-Rosy Picture
With attacks on the rise and coming from new directions, insurers face a handful of challenges that stretch their ability to respond:
- Indirect attacks are increasing. Insurers should extend security measures beyond their four walls, as our survey finds 40 percent of attacks coming indirectly, from a third party connected to the business’s network. This challenge is made even more complex when companies rely on a remote workforce.
- Recovery time is lengthening. While insurance providers may have improved their ability to fend off breaches, they are detecting them at rates lower (56 percent) than cross-industry cyber resilience leaders (83 percent). Insurance companies lag cross-industry leaders in resolving breaches quickly and are exposing more of their customers—our report found 44 percent of insurers had exposed more than 500,000 customer records last year, compared to only 15 percent for cross-industry leaders.
- Insurers are investing but fear they can’t maintain the pace. Our survey finds firms increasing their cybersecurity investment. More insurers are investing at least a fifth of their cybersecurity budget on advanced technologies (89 percent, compared to 68 percent from our previous study). But they worry the cost is high and rising. Among those surveyed, 72 percent say staying ahead of attackers is a constant battle, one with an ultimately unsustainable cost.
Standouts Achieve More
These challenges may seem daunting. But our Cyber Resilience Survey identified a group of elite, best-in-class insurance leaders who are demonstrating significantly greater effectiveness at cybersecurity and cyber resilience than their peers. Emulating these leaders can help insurers improve their overall effectiveness. Best-in-class insurers identified by our survey can:
- Stop more attacks
- Find breaches faster
- Fix breaches faster
- Reduce breach impact
Elite cyber resilience insurers perform better.
- Among insurers surveyed, 8 percent fit the “elite” category, while 83 percent fell into the non-leader or average performer category.
- For elite insurers, only 3 percent of breaches are successful. That number rises to 14 percent for non-leading insurers.
- Eighty-eight percent of elite insurers detect breaches in less than a day, versus only 26 percent for non-leaders.
- An overwhelming 97 percent of elite insurers fix breaches in 15 or fewer days. Only 37 percent of non-leaders can say the same.
- Elite insurers report 53 percent of breaches have no impact on their organization. That number dips to 37 percent for non-leading insurers.
Follow the leader
Would it cost even more—in terms of time, money, resources—for insurers to match the performance of “best-in-class” leaders? It might be better to view these top-notch providers as “leading the way.” They offer a path forward that may not be the costliest or most complicated. The key to their cyber resilience success is in investing wisely and efficiently in their cybersecurity efforts.
Elite cyber resilient insurance firms suggest adhering to these guidelines:
Prioritize speed. Speed, measured by how quickly they can detect, respond and return to normal after a breach, is a priority for leading insurers.
Scale more. Leaders seek to scale investments, moving tools from pilot to full deployment. Those who succeed perform four times better than average.
Train more. Training underpins speed. A majority (59 percent) of top performing insurers offer training about security tools to more than half of users.
Collaborate more. Organizations that collaborate within and outside their walls have a breach ratio of 6 percent versus an average of 13 percent for the rest.
Ready to begin?
Following the trail blazed by insurance leaders can help all firms improve their cybersecurity game.
Insurers also can pursue immediate steps toward improvement. For example, they can shore up defenses against indirect attacks. The solution sounds simple enough: It’s about establishing policies, governance and enforcement such that third parties connected to your network follow the same high security standards you do. Pulling this off—and maintaining it over the long haul—would take some effort.
Fortunately, help is available. We can work with you, wherever you are in your cybersecurity journey.