General Insurance Article - Insurers unprotected from hybrid working cyber threats


44% of UK insurance firms and underwriters admit to having inadequate cyber threat visibility and detection systems to protect employees working remotely, with firms unaware of the volume of cyber attacks and data breaches impacting their remote workforce, new research has found.

 A third of firms feel that their IT environment is more vulnerable to a cyber or data breach with employees working outside the office, yet 58% expect the hybrid office to stay.
 
 The study examining the cyber and data security practices of 750 UK insurance firms and underwriters, and 500 employees since the start of the pandemic, also found that 1 in 5 employees are closing more deals and winning more business since working remotely with over a third attributing this to ‘being able to work faster at home.’
 
 Employees breached while working from home, unknown to firms
 
 52% of the insurance firms and underwriters polled by Doherty Associates for its report ‘Who Moved My Moat? The cyber security risks of home and hybrid working - what finance and law firms need to know’ say their organisation has yet to experience a cyber attack or data breach since transitioning to remote working since March 2020 lockdown.
 
 A quarter of employees, however, said they have been the victim of a data breach or caused one themselves since working remotely, suggesting that employees are not reporting all of the mistakes they make to the firm. One in seven experienced a phishing attack or similar cyber attack and 46% admitted to emailing confidential client information or unencrypted attachments.
 
 Only half of the firms surveyed have carried out a cyber risk assessment since working remotely, and 25% admit, “we can’t guarantee security on every device used out of the office.” Yet one in five said the cost of a major cyber or data breach to the business could be anywhere from £10 million to £50 million or more.

 Terry Doherty, CEO of Doherty Associates commented: “‘It’s great to see that deal making and new business remains strong through the pandemic, thanks to the flexibility and collaboration made possible by the adoption of cloud technology. However, insurance firms and underwriters have always been attractive targets for cyber criminals due to the high value of transactions – and with home and hybrid working they can find themselves more vulnerable than ever.”
 
 “Unfortunately, attacks are common in the insurance and underwriting sector, particularly in this current climate of remote working, and the difference between how many firms are detecting breaches compared to the reality of them occurring does suggest that firms need better cyber defence postures that give greater visibility and detection to keep their remote workforce safe.”
 
 Employees’ bad cyber habits
 
 A third of employees in the insurance and underwriters sector surveyed by Doherty Associates said they’ve had no cyber awareness training since the first lockdown and over two thirds admit to ignoring virus security scan requests or computer update alerts to safeguard their company’s systems and sensitive data.
 
 82% confess to working on a blend of work and personal devices when working from home, with 53% admitting to saving confidential corporate information to these devices. But only 13% of firms have put a block on personal devices for work use.
 
 Terry Doherty continued: “Operating a remote workforce in the cloud has many benefits, including greater flexibility, diversity and lower overheads, but it’s critical to ensure that teams continue to operate safely, securely and are fully compliant with FCA and GDPR regulations wherever they are working from. With the Government’s lockdown roadmap underway, employers are starting to plan for when restrictions ease with many reporting that hybrid working is here to stay. With employees working outside of the office, using a blend of personal and company devices, firms no longer have a single ‘front door’ to protect but a multitude of entry points to secure against cyber criminals. This is why it’s critical for firms to have excellent cyber hygiene.
 
 “For maximum security but minimum disruption to teams, firms should also carry out a cyber risk assessment at least every six months, including penetration testing, to uncover any critical vulnerabilities or compliance issues. They should also ensure that all devices have multi-factor authentication, so employees keep their identity secure while working remotely. And they should build in comprehensive cyber awareness training for every employee, especially if they’re working outside of the office for the first time. Restrict use of personal devices and ensure that no company information is shared via personal cloud storage platforms where documents can easily be forgotten, and just as easily hacked.
 
 “Your company is only as safe as your weakest link and by empowering employees with the knowledge to identify threats in real-time, they can become your greatest security asset and help prevent cyber attacks”
  

Back to Index


Similar News to this Story

Health and wellbeing benefits boosts SME productivity
Research from the Association of British Insurers (ABI) shows that offering health and wellbeing benefits to staff can play a valuable role in boostin
Pay by mile pricing to be standard within four years
Research from By Bits has found that the motor insurance industry is heading towards usage-based pricing models, with 91% of insurers regarding it as
Car insurance prices hit seven year low as mileages plummet
Car insurance prices have fallen sharply to reach their lowest point since 2014, according to new research by MoneySuperMarket, with experts putting t

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

Email
Password
 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS

WikiActuary

Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.