Triple-I/Fenix24 Report Identifies Emerging Cybersecurity Priorities for Insurers
The
The report found that while property/casualty insurers have made impactful cybersecurity investments, gaps remain in areas including patching cadence, authentication practices, and recovery testing, which are all weaknesses that could complicate responses to today’s threat environment. The report draws on a series of conversations with insurance industry executives, with questions aligned to best practices, regulatory requirements and security controls commonly required in cyber insurance underwriting.
“Insurers occupy a paradoxical position in the cybersecurity landscape,” said
“Most organizations have tested their recovery plans for natural disasters or standard IT outages, but not for ransomware attacks,” said
A Growing Market Facing Evolving Threats
The cyber insurance market reached
Key Findings
The report identified strengths and areas for improvement across several critical cybersecurity domains:
- Immutable Backups and Recovery: Most insurers implement immutable backups across critical system categories, and most report meeting recovery time objectives for their highest-tier systems. However, recovery tests are often conducted under ideal conditions on a single system rather than across full network recovery, creating a potential gap when a real incident strikes.
- Credentials and Access Management: All participating insurers use corporate password vaults and enforce strong password complexity, with user passwords averaging more than 13 characters. All require multi-factor authentication (MFA) for administrative accounts. However, some organizations still permit less secure MFA methods such as SMS messages and email confirmation, which are approaches with known limitations that threat actors frequently exploit.
- Browsing Controls and Attack Surface Management: Most insurers implement DNS filtering and block peer-to-peer file transfer and web-based email sites, which are effective measures for limiting threat actor access. Some organizations use “split tunneling,” which allows employee internet browsing outside of VPN encryption, improving user experience but increasing exposure to phishing, malware and “man-in-the-middle” attacks.
- Patching and Risk Management: All participants conduct penetration testing, including social engineering scenarios targeting help desk personnel, which recognizes human defenses are as critical as technical ones. However, only about half deploy security patches monthly. In today's threat environment, adversaries often exploit newly disclosed vulnerabilities within hours or days of public disclosure, making accelerated patch cycles an emerging best practice.
Preparation Over Perfection
The study emphasizes systematic preparation, such as tested recovery capabilities and faster patch cycles, over the pursuit of any single “perfect” security solution. Insurers, like all businesses, must balance cybersecurity with user experience and operational performance, making thoughtful risk management essential.
“The difference between resilience and disaster lies not in perfect prevention but in systematic preparation, validated recovery capabilities and organizational commitment to continuous security improvement,” the report concluded.
About the
Since 1960, the
About Fenix24
Fenix24™ is the global leader in breach recovery, providing assured and battle-tested cyber resilience solutions. With a mission to redefine how organizations recover from cyber incidents, Fenix24 combines expert-driven response, cutting-edge technology, and a proven track record of restoring businesses faster and more securely than ever before.
For more information, visit www.Fenix24.com.
Fenix24 is the "world's first civilian cybersecurity force," with four time-tested battalions:
Fenix24™ / Ransomware rapid response, remediation and recovery
Athena7™ / IT security assessments, strategy and planning
Grypho5™ / Ongoing, security-based management
Argos99™ / Expert insights into data, assets and infrastructure
About The Institutes
The Institutes® are a not-for-profit comprised of diverse affiliates that educate, elevate, and connect people in the essential disciplines of risk management and insurance. Through products and services offered by The Institutes' 20 affiliated business units and backed by more than 115 years of experience as a trusted knowledge partner, we empower people and organizations to help those in need with a focus on understanding, predicting, and preventing losses to create a more resilient world.
The Institutes is a registered trademark of The Institutes. All rights reserved.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260402960701/en/
Media Contacts
[email protected]
Fenix24
[email protected]
Source:



NBC NEWS: 'HOSPITAL COSTS ARE RISING FAR FASTER THAN INFLATION AND DROWNING AMERICANS IN DEBT'
WARREN, SENATORS PUSH DR. OZ TO TACKLE MEDICARE ADVANTAGE ABUSE
Advisor News
- The 3 things that shrink your Social Security income
- Proposed legislation takes aim at Social Security shortfall
- The overlooked retirement security risk that must be addressed
- What advisors should know about hedge funds in retirement planning
- Retirement control is top success measure for middle class, ACLI says
More Advisor NewsAnnuity News
- Trademark Application for “EMPOWER YOUR MONEY” Filed by Empower Annuity Insurance Company of America: Empower Annuity Insurance Company of America
- Built-in guaranteed annuities: What advisors should know
- Malibu Life Holdings Completes Acquisition of TruSpire, Establishing Malibu USA and Accelerating Entry into the U.S. Retail Annuity Market
- Why job boards are failing insurance agencies
- MassMutual Ranks No. 100 on the 2026 Fortune 500® List
More Annuity NewsHealth/Employee Benefits News
- Yorktown eyes budgeting options to cope with insurance rate spike
- New Managed Care Findings Reported from Harvard University T.H. Chan School of Public Health (Using prescription drug data for timely assessments of state insurance coverage rates: a validation study): Managed Care
- Reports from Michelle Cornette and Co-Researchers Add New Data to Findings in Managed Care (Enhancing Medicaid Behavioral Health Crisis Reporting: A Multisource Approach to Capturing Crisis Service Events): Managed Care
- New Managed Care Findings from University of California San Francisco (UCSF) Outlined (Medicaid patients have decreased access to urologic care: a nationwide cross-sectional study): Managed Care
- How Medical Bills Are Handled After a Personal Injury Accident in Atlanta
More Health/Employee Benefits NewsLife Insurance News
- Best's Review Leaders Issue Ranks Top Global Brokers and More
- Fortitude Re Announces $3.8 Billion Long-Term Care Reinsurance Agreement with Unum Group
- Unum Group Announces $3.8 Billion Long-Term Care Reinsurance Transaction with Fortitude Re
- Before you debate premium financing, understand the bigger picture
- NAIFA praises House committee approval of Clarity for Compensation Act
More Life Insurance News