The insurance sector remained an attractive target to both cyber criminals and cyber attacks by those engaged in espionage

Brokers and underwriters have been told the data they hold is a prime target for cyber criminals and cyber spies.

Speaking at Lloyd’s, Louise Taggart, manager of the Threat Intelligence Practice at PWC told the Insurance Institute of London that the industry needed to understand the risks and the reasons behind many of the attacks.

She warned that the insurance sector remained an attractive target to both cyber criminals and cyber attacks by those engaged in espionage.

At present PWC’s Threat Intelligence Practice monitors 200 different threats in over 30 countries and Taggart warned the complexity and the sophistication of attacks will only continue to increase.

She warned that the insurance sector had levels of data that appealed both to the criminal and the espionage elements.

Monetising personal data

“The espionage threats are usual from organisation that have a link to nation states,” she explained. “What they are interested in when it come to the insurance sector is the data and analysis you hold around the deals between firms and the market strategies of your clients.”

In terms of the cyber criminals the threat is higher, however, the motives may well not be what the industry will have first thought.

“Cyber-criminals are driven by money” said Taggart. “They are looking to attack firms to either hold their data for ransom or access that data.

“We have seen cases in the past where high-profile firms have been attacked and they then say that all is well as client banking and payment card details have not been taken.

“The problem is that personal information can be monetised. The dark web contains sites where personal details can be sold. The issue when we hear things such as an attack is not serious because payments details have not been accessed is that the criminal may have attacked the firm for specific data.

Personal profiles for sale

“They will use multiple attacks on multiple businesses to steal specific data so if they an attack a firm they might be after passport details or e-mail addresses and log in details. That can be combined with the results of the other attacks to build a complete personal profile which can then be sold on the dark web.”

Taggart added that often a person’s private health information can be move valuable to be sold by criminals than email addresses and password access.

She also warned that clients needed to be aware of the risks they faced, and the industry needed to work with them to put in place steps to make it harder to fall prey to cyber attack.

“You need to ask yourself why you would be attacked and what you can do to ensure that you have the systems in place to make it hard for those who would want to attack you,” she added.