Why Insurance Companies Need to Care About Phishing Attacks

May 20, 2019

Phishing attacks are costing American businesses hundreds of millions of dollars every year, and no business, big or small, is immune from this type of breach. In fact, phishing attacks and other cyber crimes are more devastating to SMBs than fire, flood, and other natural disasters combined. The global cost of a data breach for enterprises rose over 10% in 2017, with the average cost of a data breach in North America coming in at $1.3 million for large enterprises and $117,000 for small and medium-sized organizations. But experts fear that may be just the tip of the iceberg.

In this article, we’ll discuss why insurance companies need to be aware they’re as vulnerable as bigger investment firms and banks with regard to data attacks. We’ll also lay out solutions you can implement to safeguard your organization.

Ways Phishing Attacks are Targeting the Insurance Industry

Insurance is all about mitigating risk. Phishing attacks must be appreciated as one of the biggest risks insurance companies face. Hackers find insurance firms appealing targets because of their weak security measures and lack of cybersecurity protocols.

In February of 2018, Florida-based health insurance provider Care Plus Health Plans notified its members of a privacy breach which occurred as the result of a mailing error that disclosed valuable information including names, identification numbers, plan names, dates of service, provider of service, and services provided.

Later that same year, Aflac and Continental American Insurance Company jointly revealed several independent contractor sales agents suffered a data breach potentially exposing client personal data. Immediate action was taken to reset passwords, isolate specific email accounts, and notify affected agents.

How did the hackers pull off these phishing attacks and what safeguards could or should have been in place to prevent them in the first place?

Often referred to as spear phishing, whaling, or a “fake president” scam, phishing attacks usually involve an email message that tricks the recipient into opening it and clicking on a malicious link. However they’re accomplished, phishing attacks are on the rise and insurance companies need to employ proactive, accessible solutions in order to stay on top of or ahead of them.

Protecting Your Insurance Company

A two-pronged approach will help you mitigate any potential damage or costs from phishing attacks:

1) Industry Knowledge and Proper Safeguards

Advanced email filters, AI-based phishing protection, and strong firewall and endpoint security are options that can be implemented by an experienced and knowledgeable managed service provider. In addition, educating employees on these tactics can help them recognize the signs of a fraudulent email and allow them to identify phishing attacks that place your network at risk. MSPs often offer training and awareness for employees.

2) Simulated Phishing Tests

Done in conjunction with prior training, these tests let you measure staff compliance and employee behavior. Many official agencies recommend phishing simulations, often comparing them to regular fire drills designed to keep your employees and business safe.

Since human error is the biggest risk to data integrity, these simple yet valuable precautions are vital to reducing your risk exposure and protecting your organization from malicious phishing attacks.

Exploring Your Security Options

A managed service provider can help your company stay up-to-date on the latest technologies, tools, and emerging cybersecurity trends while lowering your risks and strengthening your resistance to phishing attacks within your insurance company. Identifying and understanding your company’s weak points is the best first step to ensuring you’re equipped to deal with the latest threats.


CompassMSP offers a free email phishing checkup to test your organization’s preparedness for such an attack.
