Benjamin Purkiss is Underwriting Manager at Coverys European Holdings. As part of The Certified Cyber Insurance Specialist (CCIS) training, he completed a broad overview of cyber risk in the UK insurance industry.
The UK insurance & long-term savings industry is one of the world’s most mature such marketplaces and is a staple of the UK economy, contributing over £30 billion. Considering the size of the market, the industry holds £1.8 trillion in invested assets, which is around 25% of the total net worth of the UK. Additionally, this market is one of the largest employers in the UK, with around 320,000 total people employed and 920 registered general insurance companies.
The Technology Landscape in the UK Insurance Industry
The digital environment of the UK insurance industry is complex and vast. At any given moment, there are multiple systems and digital infrastructures at work within an insurance company, such as underwriting platforms that digitize pricing, quote and policy management, CRM management, online direct-to-consumer websites, call centres, finance systems, MI/BI tools, and more. Some of this tech is hosted and managed internally, however, many aspects are outsourced to third-party vendors. Over time, this increase in technological sophistication and outsourcing means that insurers have greatly increased their exposure to cybercrime; there are significantly more access points and much larger attack surfaces than ever before. Additionally, considering the vast amount of data that is stored by insurance companies, the size of their cash flow, and the potential for high levels of damage or interruption, insurers are seen as potentially lucrative targets for cybercriminals.
Cyber Threats to the UK Insurance Industry
The UK insurance industry is susceptible to both internal and external threats. Considering the number of people employed in the UK insurance industry, this does significantly increase the risk and odds that cybercriminals will be successful. Internally, the insurance market is always at risk, whether it be unhappy employees, accidental actions, or even corruption. Alongside this, external threats are a huge issue for the insurance industry due to the considerable size of such companies and the amount of data stored, which lends to a higher chance of cybercrime. The attack vectors to which the insurance industry is vulnerable are phishing or SMishing or direct access to local hardware and social engineering.
Fortunately, the insurance market is consciously aware of the risks and deploys training to staff and utilizes advanced IT network security and protocols. However, considering the diverse range of companies within the market, ranging from a small office of 1-3 people to very large corporations, this is not always the case across the entire insurance supply chain. What is more, considering the level of outsourcing and the technological integration of insurance intermediaries and service providers in the market, the risk of a supply chain attack or accidental spreading of malware is high.
Cyber Insurance Academy?
We are the global standard for accredited cyber insurance certification, with +4,000 Members from +40 countries.