Cybersecurity and Insurance: Why Hackers Target Insurance Companies

Michael Pittenger

Malicious hackers may be criminals, but they are also rational.  They want to steal data that has a lot of value and large numbers.  Attacks on retailers and hotels can yield high volumes; the attack on Heartland Systems in 2009 exposed 160 million cards, ten years later hackers stole 106 million records from Capital One, and Marriott lost records on over 500 million customers in 2016, including credit card information on over 100 million.

Those are certainly eye-popping numbers, but what are those records worth?  According to Experian, if the credit cards included a CVV number, they could bring $5 each on the dark web.  Theoretically, these are $500 million breaches.

Now compare that to the Baltimore-based breach at CareFirst BlueCross BlueShield.  

Who?

You may not remember this 2015 breach on the health insurance provider.  After all, it only yielded about 1.1 million individuals.  Why would attackers target such a relatively low number of records?

Back to Experian – the significance of the attack is the quantity of records times the value per record.  If the CareFirst records included diagnostic codes, employment information, and medical histories, each record could return up to $1,000 – over 200 times the value of a credit card number.  This “small” breach could potentially return more than the Marriott breach.

The type of information available is what drives attacks.  It’s easy to see why insurance companies are attractive targets.  Learn more in our new white paper about cybersecurity for insurance companies.

Previous Article
After CCPA, what’s next? A look at US and global privacy trends.
After CCPA, what’s next? A look at US and global privacy trends.

Learn more about how the CCPA has put pressure on some of the largest tech companies to re-evaluate how the...

Next Article
Balancing Speed With Security in Application Development
Balancing Speed With Security in Application Development

In order to respond to changes quickly, organizations aim for faster deployments of software so they can re...