Cybersecurity and Insurance: Why Hackers Target Insurance Companies

February 27, 2020 Michael Pittenger

Malicious hackers may be criminals, but they are also rational.  They want to steal data that has a lot of value and large numbers.  Attacks on retailers and hotels can yield high volumes; the attack on Heartland Systems in 2009 exposed 160 million cards, ten years later hackers stole 106 million records from Capital One, and Marriott lost records on over 500 million customers in 2016, including credit card information on over 100 million.

Those are certainly eye-popping numbers, but what are those records worth?  According to Experian, if the credit cards included a CVV number, they could bring $5 each on the dark web.  Theoretically, these are $500 million breaches.

Now compare that to the Baltimore-based breach at CareFirst BlueCross BlueShield.  

Who?

You may not remember this 2015 breach on the health insurance provider.  After all, it only yielded about 1.1 million individuals.  Why would attackers target such a relatively low number of records?

Back to Experian – the significance of the attack is the quantity of records times the value per record.  If the CareFirst records included diagnostic codes, employment information, and medical histories, each record could return up to $1,000 – over 200 times the value of a credit card number.  This “small” breach could potentially return more than the Marriott breach.

The type of information available is what drives attacks.  It’s easy to see why insurance companies are attractive targets.  Learn more in our new white paper about cybersecurity for insurance companies.

Previous Article
How Much Is Your Personal Data Really Worth on the Dark Web?
How Much Is Your Personal Data Really Worth on the Dark Web?

Next Flipbook
Why Hackers Target Insurance Companies
Why Hackers Target Insurance Companies

Find out how our solution builds security and compliance into software.

Get a Free Demo