Cyber security

Managing cyber security risk is one of the top priorities for the Insurance sector. Cyber attacks in the insurance sector are growing. Cybercriminals are constantly probing for weaknesses in policy and claims systems as well as in platforms such as agency portals, online policy applications, web, and mobile apps.

Managing cyber risks is vital in the insurance industry. We work closely with organisations to understand their unique set of cyber threats and challenges, providing tailored and strategic advice and guidance. ​​ 

​We help assess, build and manage cyber security capabilities, from mitigating risks to ensuring compliance with industry regulations.​ 

Current market challenges

Targeted ransomware​ 
Ransomware continues to be a mechanism to extort organisations into paying ransom to restore systems and data. In 2020, ransomware remained one of the most significant challenges facing the insurance sector and this trend is continuing into 2021. Criminals are becoming increasingly more sophisticated and often use blended attacks (technical and social engineering). 

Supply chains attacks​ 
Supply chain attacks seek to breach targets by compromising associated third parties and using them as an attack vector. As many highly targeted industries continue to invest in and improve their security postures, compromising those industries through their supply chain is an effective way to evade many security controls. ​ 

Cloud adoption and security  
The rise of cloud usage also increases the risk of a data breach as many insurance companies are susceptible to denial of services (DoS) and hijacking attacks.  

How we can help

Our Cyber Security team comprises specialists who can help scope and execute a variety of risk-based cyber security engagements tailored to the insurance sector organisations including:​​ 

  • Cyber security maturity assessments, focussing on process and technology security to provide a comprehensive view of organisations’ current cyber security capabilities 
  • Cyber strategy and Roadmap development, focussing on improvement activities, prioritised by the top threats as well as target state maturity objectives 
  • Cyber threat and Crisis simulations, carried out against a set of tailored cyber threat scenarios, in order to identify operational security issues and test the insurance’s company ability to respond to simulated adversary activity 
  • Ransomware readiness reviews, focussing on controls designed to limit the impact of ransomware on business operations. 
  • ​Incident response simulations, helping organisations to identify improvement opportunities associated with cyber incident response 
  • ​Ethical hacking services, including penetration testing, phishing, ransomware simulation, threat led simulations (red-teaming), and purple teaming 

Explore our insurance services

Case study

We were engaged to conduct a cyber security maturity assessment and cyber-attack simulation for the Audit Committee and the C-Suite of an insurance company. 

The aim of this assessment was to help the client to strengthen their technology environment in line with industry good practice and help protect them against cyber attackers. ​ 

​Through the course of the engagement, we performed a global assessment of cyber security capabilities and on an ongoing basis have been working with the client to measure improvements in their cyber security posture, focussing on key threats.  ​ 

​We reported on cyber maturity improvements to the Audit Committee and Board at pre-determined periodic intervals. ​ 

​This helped the client:​ 

  • ​Articulate the desired state across cyber security capabilities; ​ 
  • Secure the required investment to address security weaknesses; and​ 
  • Increase the visibility of cyber threat risks at the executive level.  



National contacts