In an increasingly digitized landscape, cybersecurity stands as the linchpin of trust and operational integrity for independent insurance agencies. However, a storm is silently brewing, one that carries significant implications: unreported cyberattacks.
A concerning survey by Keeper Security, the leading provider of zero-trust cybersecurity software, unveils the extent of this issue in its latest report, "Cybersecurity Disasters Survey: Incident Reporting & Disclosure."
Key Findings from Keeper Security’s Survey:
Hiding the Facts:
- A startling 48% of respondents knew of cyber incidents that were not reported to required external authorities
- Additionally, 41% of cyber incidents were kept hidden from the internal leadership
- 74% stated that they knew a cyberattack would negatively impact business operations
Fear and Guilt among IT Leaders:
- Nearly 75% of those who didn’t report an incident felt “guilty” about hiding it
- Fear of “repercussions” stood as the primary reason for non-disclosure at 43%
- 40% said they failed to report an attack in an attempt to avoid negative financial impacts
- 36% felt that it was “unnecessary” to report a cyberattack
- 32% said they “forgot” to report it to their leadership team
Poor Reporting Infrastructure:
- A significant 22% stated that their organizations lacked a system for reporting breaches to leadership
- 48% felt that their leadership team would not care about the cyberattack
Implications for Insurance Agencies:
Undermined Client Trust: Insurance is a business built on trust. Any underreporting or non-disclosure of cyber incidents could significantly erode this trust and tarnish the reputation of insurance agencies.
Flawed Policy Underwriting: Accurate reporting of cyber incidents is crucial for effective policy underwriting. Misrepresentation of risks could lead to inadequate policy formulations, exposing both the agencies and their clients to unforeseen liabilities.
Misguided Premium Determination: Without the correct data, premiums might be set too low or too high, potentially leading to financial losses or disputes during claim settlements.
Ineffective Risk Management: Transparent disclosure of cyber incidents is pivotal for robust risk management strategies. A culture of non-disclosure can severely reduce the ability to respond to and mitigate cyber risks effectively before they cause damage.
Impact of Non-disclosure by IT Leaders:
Potential Legal Repercussions: Non-disclosure of cyber incidents to the appropriate authorities, such as NY DFS, could violate regulatory compliance requirements, inviting legal actions, fines, or even the revocation of licenses.
Operational Disruptions: Without the full picture of the cyber threats faced, insurance agencies might find themselves inadequately prepared for similar future attacks, resulting in operational disruptions and financial losses.
Reputational Damage: Being seen as an entity that hides cyber incidents can seriously damage an agency’s reputation. This, in turn, can lead to a loss of clientele and deter potential clients.
Insurance Claim Complications: Failure to report cyber incidents in a timely manner could complicate insurance claims, both for the agency and its clients, especially when it comes to claims validation and settlement.
The Road Ahead:
The data emphasizes the dire need for a shift in organizational culture towards more open and accountable reporting of cyber incidents. Insurance agencies, standing at the forefront of financial and data management, must spearhead this change.
Educating Clients: Making clients aware of the critical importance of timely and accurate reporting of cyber incidents and its impact on their insurance coverage.
Fostering a Culture of Transparency: Encouraging an environment where reporting of cyber incidents is seen as a step towards fortifying against future threats rather than a detriment or punishable offense.
Implementing Robust Reporting Systems: Establishing clear protocols and systems for reporting and managing cyber incidents, such as MDR and next-generation Multi-Factor Authentication, to ensure that both the agency and its clients are well-prepared to face the digital threats of the modern era.
The data from Keeper Security reveals a significant gap in the reporting of cyber incidents, driven by fear of repercussions and a lack of robust reporting systems. This silence around cyber threats not only risks legal and reputational damage but also undermines client trust. However, it also highlights an opportunity for change. By promoting transparency, enhancing education, and implementing solid reporting frameworks, insurance agencies can significantly bolster their defense against digital threats.