This article was produced in partnership with Intact Insurance.
Bethan Moorcraft, of Insurance Business, sat down with Rick Morris, national director, Broker Solutions, Intact Insurance, and Basil Crosbie, president of Crosbie Job Insurance Limited, to discuss practical cybersecurity measures brokerages can invest in to mitigate the consequences of cyberattacks.
As the frequency of cyberattacks continues to increase in the insurance industry, it is not a matter of if, but when brokers will suffer a cyberattack or breach. Fortunately, once brokers are aware of their vulnerabilities, they can take action to strengthen their security posture and prepare their response.
“Cyberthreats are an existential risk for the insurance industry,” said Rick Morris, national director, Broker Solutions, at Intact Insurance. “Brokers and insurers are desirable targets because of the value and volume of personal information that we carry. The first thing we need to do to protect ourselves is to stop thinking that we’re too insignificant to be attacked.”
If you think that bad actors only target large companies with deep pockets and the ability to pay substantial ransoms, think again.
“Every business is vulnerable to cyberattacks and breaches,” said Morris. “While larger companies may have deeper pockets, they also have more resources to invest in cyber protection. Smaller businesses often invest less in cyber protection, and so may be more exposed to breaches.”
And the consequences of a breach are often more severe for a small business: 60% of small-to-medium-sized enterprises that experience a cyber breach are out of business within six months, according to the BlackBerry 2022 Threat Report.
Practical cybersecurity measures protect both brokers and their customers. It’s important these measures are taken proactively, and practiced “just like any other business continuity procedure like fire drills or earthquake response,” explained Morris.
One effective cybersecurity control that experts urge data-sensitive businesses to implement is multi-factor authentication (MFA). MFA requires the user to provide two or more verification methods to gain access to a resource such as an application, an online account, a corporate network, or a VPN. A strong password and MFA program can keep bad actors from gaining access to a system.
Morris also noted the importance of software patching and regular reviews of systems, networks, and applications for updates that fix security vulnerabilities, an essential defence against ransomware. Should an incident occur, Morris counsels brokers to have segmented backups that they can use to recover information or systems.
These measures are among the many cybersecurity practices woven into business processes at Crosbie Job Insurance Limited, an independent Newfoundland brokerage. Two-factor authentication on its VPN user accounts and its internal email is just the beginning.
“We have multiple layers of protection in place,” explained Basil Crosbie, president, Crosbie Job. These include anti-virus and anti-spyware tools as well as strict incoming firewall rules. The defense measures are deployed both on routers and on individual computers.
Crosbie Job also follows a regimented backup routine. “We have nightly backups in place that replicate offsite and that allow you to go back to various periods of time—we’re not just overwriting the latest backup,” said Crosbie.
Multiple layers of protection are key to keeping brokers safer, according to Crosbie. “Do not rely on just one vendor. Have offsite backups to ensure that a disaster does not destroy all of your backup copies. Have two-factor authentication enabled on everything it can reasonably be enabled on.”
Implementing these measures does carry a price tag. Morris suggested brokers view them as an investment in the future of their business.
“The reputational damage that comes with these attacks lingers for a long time,” Morris told Insurance Business. “Cybersecurity measures may cost money, but the expense pales in comparison to the potential losses.”
As brokers invest in robust cybersecurity measures, Crosbie reminds them to continue to educate, and re-educate, employees on the basics. Multi-factor authentication won’t be effective if individual passwords are weak. “Ensure all passwords are strong, long, and do not contain any aspect of a user’s personal identity,” he said. To be extra safe, Crosbie suggests brokers use a password generator instead of allowing teams to pick and change their own passwords.
Big or small, broker or carrier, any business operating today needs to assume that a breach will eventually occur. Developing a formal breach response plan beforehand helps to minimize the impact of the attack and to speed up recovery.
“Being prepared lets you act quickly,” said Morris. “A quick response can help make sure ‘small’ breaches, if there is such a thing, don’t turn into massive headaches.”
An effective breach response plan includes an inventory of data, hardware, and employees, as well as current contact information for employees, vendors, service providers, customers, legal representatives, and banks. It sets out who needs to do what and within what time frame, and includes key messaging to stakeholders.
As with all cybersecurity measures, to be effective, the breach response plan needs to be reviewed, updated, and communicated to all key stakeholders on a regular basis.
“Cyber risk is a challenging adversary because it is always evolving,” said Morris. “That means we need to keep on evaluating and updating all of our cybersecurity measures constantly. As threats evolve, our response to them needs to evolve too.”