SecurityScorecard Report: 59% of Breaches Impacting Insurance Sector Caused by Third-Party Attack Vectors - Insurance News | InsuranceNewsNet

InsuranceNewsNet — Your Industry. One Source.™

Sign in
  • Subscribe
  • About
  • Advertise
  • Contact
Home Now reading Reinsurance
Topics
    • Advisor News
    • Annuity Index
    • Annuity News
    • Companies
    • Earnings
    • Fiduciary
    • From the Field: Expert Insights
    • Health/Employee Benefits
    • Insurance & Financial Fraud
    • INN Magazine
    • Insiders Only
    • Life Insurance News
    • Newswires
    • Property and Casualty
    • Regulation News
    • Sponsored Articles
    • Washington Wire
    • Videos
    • ———
    • About
    • Meet our Editorial Staff
    • Advertise
    • Contact
    • Newsletters
  • Exclusives
  • NewsWires
  • Magazine
  • Newsletters
Sign in or register to be an INNsider.
  • AdvisorNews
  • Annuity News
  • Companies
  • Earnings
  • Fiduciary
  • Health/Employee Benefits
  • Insurance & Financial Fraud
  • INN Exclusives
  • INN Magazine
  • Insurtech
  • Life Insurance News
  • Newswires
  • Property and Casualty
  • Regulation News
  • Sponsored Articles
  • Video
  • Washington Wire
  • Life Insurance
  • Annuities
  • Advisor
  • Health/Benefits
  • Property & Casualty
  • Insurtech
  • About
  • Advertise
  • Contact
  • Editorial Staff

Get Social

  • Facebook
  • X
  • LinkedIn
Newswires
Reinsurance RSS Get our newsletter
Order Prints
February 6, 2025 Reinsurance
Share
Share
Post
Email

SecurityScorecard Report: 59% of Breaches Impacting Insurance Sector Caused by Third-Party Attack Vectors

Business Wire

Report highlights need to address third-party risks as cybersecurity gaps threaten critical services and policyholder trust

NEW YORK--(BUSINESS WIRE)--
SecurityScorecard today released new research showing that 59% of breaches among the top 150 insurance companies involved third-party attack vectors, exposing critical vulnerabilities in the sector’s supply chain. These findings underscore the systemic risks posed by cyber threats to an industry responsible for safeguarding sensitive financial and personal information.

The insurance industry's interconnected network of carriers and reinsurers to brokers, claims processors, and specialized IT providers is essential for delivering services to hundreds of millions but also introduces significant cyber risks.

Andrew Correll, Senior Director of Cyber Insurability, said: “Insurance companies’ reliance on technology to manage daily operations has outpaced their ability to secure it. Cyber risks don’t stop at the first layer of defense — they extend deep into the supply chain, where vulnerabilities are harder to detect and even harder to mitigate. Addressing these risks requires a shift in how the industry prioritizes third-party security.”

Key findings

  • 28% of companies reported breaches — higher than the S&P 500 (21%) and double the U.S. energy industry (14%).

  • 59% of breaches involved third-party attack vectors, the highest rate observed so far and more than double the global cross-industry average of 29%. Third-party software & IT caused 50% of these breaches.

  • Insurance carriers were disproportionately affected by third-party breaches. Although carriers made up about 27% of the total sample, they represented 50% of the companies hit by third-party incidents.

  • More than half (56%) of companies had at least one compromised credential in the past two years.

  • Malware infections and device compromises affected 17% of companies last year.

  • The lowest-scoring cyber risk factors for the sector are application security, DNS health and network security. DNS health rarely ranks among these factors.

Cybersecurity recommendations for the insurance industry

Based on this analysis, the SecurityScorecard STRIKE team offers actionable insights for the insurance sector to strengthen its supply chain:

  • Strengthen third-party risk management for insurance carriers: Carriers face elevated third-party risks due to dependencies on low-scoring industry segments, including IT vendors and brokers. Focus on high-risk partners to reduce vulnerabilities and address frequent breaches and credential compromises.

  • Ensure vendors have their own effective TPRM programs: Fourth-party risks from vendors’ suppliers are critical but often missed. Ensure vendors have strong TPRM processes to close supply chain gaps and prevent breaches like the MOVEit campaign.

  • Avoid paying ransomware demands: Paying ransoms encourages attacks, risks legal issues, and doesn’t ensure recovery. Avoiding payments helps deter criminals and protects the broader ecosystem.

Methodology

This report evaluates the SecurityScorecard ratings and publicly available breach histories of the top 150 companies in the insurance sector to offer clear insights into the state of cybersecurity across the sector. The research organizes the supply chain into five main segments: Insurance carriers; Reinsurance companies; Agencies and brokers; Third-party claims processors and administrators; and Insurance-specific software and IT products and services.

The list of 150 companies was carefully assembled using reliable insurance industry publications and rankings, ensuring accuracy and depth in the findings.

Additional resources

  • Download “A Cyber Security Assessment of the Insurance Industry Supply Chain”

  • To learn more about SecurityScorecard threat intelligence, visit our website.

About STRIKE

The STRIKE threat intelligence team combines unique threat intelligence, incident response experience, and supply chain cyber risk expertise. Backed by SecurityScorecard technology, STRIKE is a strategic advisor to CISOs worldwide, empowering the entire digital ecosystem to identify, measure, and resolve cyber risk.

About SecurityScorecard

Funded by world-class investors, including Evolution Equity Partners, Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings, response, and resilience, with more than 12 million companies continuously rated.

Founded in 2014 by security and risk experts Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented security ratings technology is used by over 25,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, cyber insurance underwriting, and regulatory oversight.

SecurityScorecard makes the world safer by transforming how companies understand, improve, and communicate cybersecurity risks to their boards, employees, and vendors. SecurityScorecard achieved the Federal Risk and Authorization Management Program (FedRAMP) Ready designation, highlighting the company’s robust security standards to protect customer information, and is listed as a free cyber tool and service by the U.S. Cybersecurity & Infrastructure Security Agency (CISA). Every organization has the universal right to its trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250206369768/en/

Media Contact
Allison Knight
10Fold for SecurityScorecard

[email protected]

Source: SecurityScorecard

Older

Amerisure Modernizes Policy Administration, Underwriting, and Billing Management Capabilities with Guidewire to Increase Business Agility

Newer

Factsheet January 2025

Advisor News

  • The overlooked retirement security risk that must be addressed
  • What advisors should know about hedge funds in retirement planning
  • Retirement control is top success measure for middle class, ACLI says
  • Industry groups applaud House passage of Financial Exploitation Prevention Act
  • Younger workers more likely to be eligible for a retirement plan after changing jobs
More Advisor News

Annuity News

  • Malibu Life Holdings Completes Acquisition of TruSpire, Establishing Malibu USA and Accelerating Entry into the U.S. Retail Annuity Market
  • Why job boards are failing insurance agencies
  • MassMutual Ranks No. 100 on the 2026 Fortune 500® List
  • What’s fueling record annuity growth?
  • Jackson Named InvestmentNews 2026 Annuities Provider of the Year
More Annuity News

Health/Employee Benefits News

  • How health insurers get a free pass to deny coverage from a 52‑year‑old law meant to protect worker pensions
  • Reports from Capital One AG Describe Recent Advances in Managed Care (Factors Affecting Medical Appointment Adherence among Adolescents and Young Adults with Kidney Disease: A Longitudinal Cohort Study): Managed Care
  • Studies from University of Alabama Further Understanding of Neurology (Understanding stroke caregiving in rural contexts: a qualitative study of family caregivers’ cultural values, coping behaviors, and technology use): Health and Medicine – Neurology
  • New state law will create more transparency of dental insurance benefits
  • Rob Sand pledges to reverse Iowa Medicaid privatization
More Health/Employee Benefits News

Life Insurance News

  • NAIFA praises House committee approval of Clarity for Compensation Act
  • PHL Variable liquidation pushed out to 2027, Connecticut regulators say
  • ‘Recession-Proof’ Insurance Is Trending. Safety Net or Scam?
  • Winged Keel Group Expands National Presence and PPLI Leadership, Welcomes SBSI, Inc. (dba NFP Insurance Solutions)
  • MassMutual Ranks No. 100 on the 2026 Fortune 500® List
More Life Insurance News

NEWS INSIDE

  • Companies
  • Earnings
  • Economic News
  • INN Magazine
  • Insurtech News
  • Newswires Feed
  • Regulation News
  • Washington Wire
  • Videos

FEATURED OFFERS

Life moves fast. Your BGA should, too.
Stay ahead with Modern Life's AI-powered tech and expert support.

A MYGA for Clients Hesitant to Commit to One Long-Term Rate
First-year certainty. Annual rate updates. Get the CurrentRate® MYGA Sales Kit.

Elite Networking & Insights Await at the Event of the Year
The industry's premier conference for leaders driving what’s next in financial services.

Press Releases

  • Prosperity Life GroupSM Launches Prosperity PathWaySM Series, Bringing Greater Choice and Flexibility to Retirement Income Planning
  • Senior Market Sales® Fortifies Annuity Reach With Acquisition of Retirement Planning Firm Stratton & Company
  • RFP #T01625
  • Rockwood Programs Appoints Kerry Ladouceur as Vice President, Financial Lines
  • JP Insurance Group Launches Commercial Property & Casualty Division; Appoints Joe Webster as Managing Director
More Press Releases > Add Your Press Release >

How to Write For InsuranceNewsNet

Find out how you can submit content for publishing on our website.
View Guidelines

Topics

  • Advisor News
  • Annuity Index
  • Annuity News
  • Companies
  • Earnings
  • Fiduciary
  • From the Field: Expert Insights
  • Health/Employee Benefits
  • Insurance & Financial Fraud
  • INN Magazine
  • Insiders Only
  • Life Insurance News
  • Newswires
  • Property and Casualty
  • Regulation News
  • Sponsored Articles
  • Washington Wire
  • Videos
  • ———
  • About
  • Meet our Editorial Staff
  • Advertise
  • Contact
  • Newsletters

Top Sections

  • AdvisorNews
  • Annuity News
  • Health/Employee Benefits News
  • InsuranceNewsNet Magazine
  • Life Insurance News
  • Property and Casualty News
  • Washington Wire

Our Company

  • About
  • Advertise
  • Contact
  • Meet our Editorial Staff
  • Magazine Subscription
  • Write for INN

Sign up for our FREE e-Newsletter!

Get breaking news, exclusive stories, and money- making insights straight into your inbox.

select Newsletter Options
Facebook Linkedin Twitter
© 2026 InsuranceNewsNet.com, Inc. All rights reserved.
  • Terms & Conditions
  • Privacy Policy
  • InsuranceNewsNet Magazine

Sign in with your Insider Pro Account

Not registered? Become an Insider Pro.
Insurance News | InsuranceNewsNet