The Northdoor 2021 Cyber Risk Assessment of the UK Insurance Industry shows that many firms still have clear weaknesses in cybersecurity across external attack surfaces.
Near-miss for insurers
The massive increase in working from home during 2020 brought millions of new endpoints into corporate networks, making cybersecurity a bigger headache than ever. The UK insurance industry also faced a wake-up call from the Xchanging hack, which highlighted the systemic risk inherent in the use of shared cloud-based services.
Xchanging had to move fast when cybercriminals installed ransomware and encrypted its data. Fortunately for the many London / Lloyd’s market insurers that use Xchanging services, the company’s response was both rapid and competent: services resumed without interruption, no data was lost, and there was no contamination of clients’ systems.
Emsisoft research suggests that the average downtime associated with ransomware attacks is 16 days. If the next service provider hit by malware is less well prepared than Xchanging, the UK insurance industry could face enormous damage.
Quantifying the risks
The Xchanging incident illustrates how cybersecurity risks extend beyond corporate boundaries. In the Northdoor 2021 report, we include shared service providers for the first time, to help the UK insurance industry understand its exposure to risk from this part of the landscape.
Across all categories of firms – brokers, cover-holders, carriers, and service providers – we see personal and/or sensitive data being put at risk by applications with weak or non-existent encryption, which exposes firms to confidentiality breaches, potentially large GDPR fines, and personal litigation from clients.
In this year’s report, the average score for brokers and cover-holders has fallen slightly, while carriers have seen an upswing – with one exceptional firm coming in just two points shy of perfection. However, it is worrying to see many firms still not getting the basics right, including failing to protect email recipients against phishing attacks, and omitting basic security headers from web applications. And even though carriers have improved their marks, 21 percent of them score an E – the second-lowest rating – on network services security.
Northdoor offer a full spectrum of cyber security solutions for insurance companies, from managed threat intelligence platforms to ransomware protection solutions. Northdoor are uniquely placed to support the insurance sector.
Get your free copy of the 2021 report, plus an individual risk assessment for your organisation
The Northdoor 2021 Cyber Risk Assessment of the UK Insurance Industry aims to help you boost your organisation’s existing risk-management plans, and includes recommendations on how to enhance your practices to reduce the risk of breaches.