Most Breaches Now Start With Stolen or Tricked User Access Attackers focus on fooling employees or support desks to gain access to email, portals, or payment systems. Once inside, they move quickly to sensitive data or money movement processes. What insurance leaders should care about: A single successful impersonation can lead to fraudulent payments, compromised broker portals, or a wider business interruption event
|
|
|
|
|
AI-Powered Impersonation is Accelerating Fraud Risk Criminals now use AI to produce convincing emails, voice messages, and video that appear to come from executives, brokers, or vendors that often request urgent payment or account changes. What insurance leaders should care about: Traditional “trust the sender” habits no longer work. Payment instruction changes and urgent claim disbursements are prime targets.
|
|
|
Third-Party Vendors Remain the Fastest Route Into Insurance Operations Claims administrators, TPAs, broker platforms, call centers, MSPs, and niche software providers continue to be common entry points for attackers even when the insurer’s internal controls are strong. What insurance leaders should care about: A vendor incident can stop claims processing or force regulatory reporting, even if your own systems were not breached.
|
|
|
|
|
New York Sets The Response Standard While Other States Follow The Outcome The New York Department of Financial Services (NYDFS) now expects rapid executive decisions, documented incident actions, and fast regulator notification during cyber extortion or major incidents. While other state rules may differ, regulators assess the same fundamentals after an event: governance, oversight, containment, and communication. This also aligns with the NAIC work on Model #668 which is also moving toward more consistent compliance and enforcement approaches across states. What insurance leaders should care about: In a crisis, regulators will judge how quickly and decisively leadership acted, not just what technology was in place.
|
|
|
|
|
Even as the U.S. cyber insurance market cooled in 2024, NAIC reported cyber claims rose nearly 40% (to nearly 50,000). Source report: (2025 Cybersecurity Insurance Report) What insurance leaders should care about: NAIC data shows cyber claims rising despite a cooling insurance market, meaning that cyber incidents are now a predictable business risk, and coverage strategy must keep pace with operational and third-party exposure.
|
|
|
Priority Actions for Insurance Leaders (Next 60 Days)Priority 1 — Map critical third-party dependencies Identify which vendors can stop claims, billing, or money movement if they fail and ensure contracts require fast breach notification and minimum-security standards.
Priority 2 — Prepare a regulator-ready incident decision package Define who makes crisis decisions, how extortion or fraud events are escalated, what gets documented, and when regulators must be notified aligned to NYDFS-style expectations. Priority 3 — Run one realistic executive tabletop exercise Scenario: vendor compromise → claims disruption → extortion threat → attempted fraudulent payment change. Measure time-to-decision and communication readiness.
|
Our greatest cyber risk is not a data breach – it’s operational disruption and financial fraud triggered through people and third parties. Prepared leadership response is now the key control.
|
|
|
If any of these risks resonate, this is the right time to pressure-test your preparedness. → Reply to this email to talk it through, or forward it to the leaders who would be making decisions under pressure.
|
|
|
|
|