By Alvito Vaz
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has a list of bad cyber practices, all of which are common among insurance agencies:
- Use of unsupported or end-of-life software
- Use of known, fixed or default passwords and credentials
- Use of single-factor authentication for remote or administrative access to networked systems
Carriers and agencies cite competing priorities, expense and problems with operational interruptions as reasons for not implementing crucial cybersecurity measures. These objections can be short-sighted in view of the high severity of a breach.
IBM’s “Cost of a Data Breach Report: 2023” says, “Organizations with fewer than 500 employees reported that the average impact of a data breach increased from $2.9 million to $3.3 million,” a 13% increase from 2022. Organizations of more than 25,000 employees saw a 2.5% decrease in average losses from a data breach, to $5.4 million in 2023, the report states. Still, the financial hits for large companies are painful, with regulatory and reputational consequences, as well.
The risk of system shutdown from ransomware attacks and the potential costs of liability for the dissemination of proprietary information far outweigh the expense of protection. Happily, carriers and agencies can take steps that are comparatively inexpensive and that will also improve efficiency in transactions.