According to a recent report published by BeDisruptive, a technology company specializing in cybersecurity, it has been revealed that84% of cyber attacks targeting the insurance sector are of the 'Ransomware' type. The United States is the most affected country, with around thirty insurance companies falling victim to cyber attacks.
The report also reveals that the most active ransomware groups in Southern Europe are LockBit, Medusa and Play Ransomware. Although Spain has not recorded any such incidents in the last year, neighboring countries such as France, Portugal and Italy have been seriously affected.
In second place are distributed denial of service (DDoS) attacks with a 14% incidence rate. These attacks have mainly taken place in European countries and have been carried out by hacktivist groups such as CyberArmyofRussia_Reborn and NoName057.
In addition, the report highlights that in Spain there are more than 800 insurance companies operating at different levels of digital maturity. These companies are transforming their models based on innovative technologies such as artificial intelligence and blockchain. Therefore, it is critical that these companies consider cybersecurity as an integral part of their strategy, as cyber threats continue to increase and will look for any vulnerability or failure in the network, systems or processes.
According to BeDisruptive's CTI leader Ivan Portillo, insurers are attractive targets for identity theft, financial fraud and extortion due to the large amount of confidential and financial data they handle. Although only 2% of cyber attacks are related to data breaches, experts warn about the significant impact this can have. The complexity of insurers' systems and processes can expose them to more exploitable vulnerabilities, such as gaps in network security, weak encryption protocols or unsecured authentication for users or devices, making it easier for cybercriminals to gain unauthorized access or steal sensitive information.
BeDisruptive emphasizes the importance of insurance companies adopting a proactive cybersecurity strategy. This involves constantly analyzing systems, access and communications in the supply chain, paying special attention to authentication processes. They also recommend conducting periodic audits to assess the risk of information leaks in light of new vulnerabilities or threats.
Finally, one of the key aspects of the process is the implementation of programs to raise awareness of corporate security among all employees. According to Portillo, employees are the first line of defense against any type of attack and it is essential to involve them actively in the security strategy.
Source: Galilea Group
