Insurers’ Own Infrastructure Could Be Next Targets of Cyber Criminals
As “the next digital pandemic,” cyber risks are increasingly becoming a problem for insurers themselves, according to an industry expert.
With “a lack of controls at [an] insurer, [you] could have catastrophic damages to an entire portfolio,” said Jack Kudale, founder and CEO of Cowbell Cyber, an insurtech and managing general agency that provides cyber insurance and related services to small and medium-sized businesses.
Kudale, speaking during a CEO panel discussion at the 2021 Global Insurance Symposium in Des Moines, Iowa, on June 29, referred to cyber risks as “the next digital pandemic.”
Insurers themselves are now targets. “It is imperative that not only we protect with modern technology and innovation needed in this market, but you also protect your own infrastructure, because cyber criminals are looking for crown jewels, and where else would you go if not an insurer itself that is insuring cyber risks,” Kudale added.
Panelist Jessica Snyder, president and CEO of GuideOne Insurance, agreed.
“We just went through our own internal cyber risk internal assessment,” Snyder said. “[Ransomware criminals] can take over data centers and encrypt how to get to backups … This is a real issue our industry needs to be concerned about.”
Snyder said that GuideOne, a specialty insurer for churches, spends about 6% of its total budget on cyber issues, focused on areas such as general protection, dual authentication and other related employee training. But these efforts, she said, are “just table stakes.” Insurers don’t understand at this point the true costs behind cyber risk, she added.
“We are insuring parts where we truly don’t understand what the cost is,” Snyder said. “This is a huge issue we CEOs need to be on top of, to be aware of what is out there and what the threats are.”
Both executives’ comments come in the wake of a massive ransomware attack against Chicago-based insurer CNA earlier this year. The company reportedly paid a $40 million ransom to end the incident.
Colonial Pipeline also was slammed with a massive ransomware attack in May, impairing oil deliveries on much of the U.S. East Coast. The company paid a $4.4 million ransom to get the pipeline operating again, reports said.
Kudale said that ransomware threats will stay with the insurance industry for a long time, though he admitted that frequency and severity “will be very different as we make progress.” He agrees that third-party or supply chain risks for businesses are the next big cyber risk. The critical issue, he said, is how to proactively patrol to ensure cyber security but also understand the nature of those risks. “Prevention detection remains the most important action,” he said.