BreachExchange mailing list archives

4 in 10 Insurers Have Been Breached in Past 3 Years


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 12 Feb 2015 18:31:34 -0700

http://www.insurancenetworking.com/news/data_management/4-in-10-insurers-have-been-breached-in-past-3-years-35539-1.html

In the wake of the massive data breach at health insurer Anthem, research
from the New York Department of Financial Services indicates that insurance
companies generally do a good job of containing cybersecurity breaches.

Though 42 percent of the 43 insurers surveyed reported that their systems
had been compromised at least once in the past three years, less than five
percent said that data integrity was compromised and none reported identity
theft.

The most common tactic that hackers use to gain access to insurers’ systems
is malware (33 percent of reported intrusions), followed by phishing (23
percent). Disruption to telecommunications networks and insider access were
the most reported consequences of the breaches.

Eight in 10 insurers said their cybersecurity budget had increased in the
past three years, and most respondents only spend between three and five
percent of their total budget on cybersecurity. All insurers reported using
firewalls, malware scanning software, intrusion detection software,
encrypted files in transit and anti-virus software in their enterprises,
and about 95 percent said they encrypted files in storage.

Most insurers (44 percent) perform penetration tests annually, with one in
five performing them quarterly and 30 percent monthly. Two-thirds do their
own penetration tests, while 95 percent use a third party for some portion
of their tests.

Eighty-one percent of insurers have a dedicated information security
executive, including all life insurers. When asked what the primary
barriers were to ensuring cybersecurity in their organizations, most
insurers (81 percent) cited increasing sophistication of cyber threats and
emerging technologies (72 percent).

“Recent cyber security breaches should serve as a stern wake up call for
insurers and other financial institutions to strengthen their cyber
defenses,” Benjamin Lawsky, Superintendent of Financial Services, says in a
statement. “Those companies are entrusted with a virtual treasure trove of
sensitive customer information that is an inviting target for hackers.
Regulators and private sector companies must both redouble their efforts
and move aggressively to help safeguard this consumer data.”

The Department of Financial Services will “integrate regular, targeted
assessments of cyber security preparedness at insurance companies as part
of the Department's examination process; put forward enhanced regulations
requiring institutions to meet heightened standards for cyber security; and
examine stronger measures related to the representations and warranties
insurance companies receive from third-party vendors, among other
measures,” the statement also said.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/