Cybercrime Targeting Insurance Industry

By

The words “breach” or “hacked” can instantly trigger panic, especially in the insurance industry, where the data at stake is incredibly sensitive. As cyberattacks grow more frequent and sophisticated, insurers are being targeted with increasing precision. These incidents aren’t just an IT issue, but rather a problem that can disrupt your business, damage customer trust, and create compliance headaches.  

Why is Insurance Being Targeted?  

Insurance carriers store a goldmine of personally identifiable information (PII), health and financial data, and business-critical documents. Hackers know this, which is why they utilize tools at their disposal to exploit it.  

In June, Erie Insurance experienced a significant cyberattack, resulting in a partial network shutdown that lasted weeks. While forensic investigations found no evidence of stolen personal data, lawsuits alleging a ransomware attack are already underway.  

Allianz Life Insurance company of North America also confirmed a breach that impacted the data of most of its 1.4 million customers. The attacker gained access via a third-party, cloud-based vendor system, acting as a reminder that even external factors and weaknesses can have severe consequences.  

Scattered Spider and the Rise of Targeted Attacks 

One of the most active hacking groups in cybercrime is Scattered Spider. They’ve hit major insurers including Erie, Aflac, and Philadelphia Insurance companies using tactics like:  

  • Social engineering and impersonation through call centers 
  • Exploiting internal systems and staff credentials 
  • Partnering with ransomware groups like DragonForce 

By compromising insurance systems, these groups can steal data and also identify future targets in related industries, potentially clients across healthcare, legal, or financial services.  

While AI has been a game-changer for cybersecurity, on both sides of the spectrum, its presence in attacks has largely been used as a catalyst. Hackers can now clone voices, mimic writing styles, and automate phishing attempts, but these techniques are typically layered onto already proven methods like credential theft and social engineering.  

How can Agencies Protect Themselves and Clients?  

If you find one of your carriers has become the target of a cybercrime attack, it’s important to play an active role in managing client expectations but not overstepping or overpromising in your role. Nancy Germond, Big “I” Executive Director of Risk Management and Education states “It can be tempting to bend procedures in the name of customer service, but that’s when errors and omissions risks are at their highest, so don’t.”  

With the rise of hacking attempts in the industry, Big “I” released four tips to consider when your carrier gets hacked.  

While preventing carriers from getting hacked is largely out of your control as their agency partner, you do have control over how you prepare and respond to your own cyber breaches. Every agency should understand what’s covered under its own Cyber Liability and E&O insurance policies and should be actively engaging with those carriers to access risk assessments, training modules, and response playbooks. Cyber defense isn’t one-size-fits-all—but having a tailored, tested plan in place can be the difference between rapid recovery and total business shutdown. 

Proactive tools like the BIG “I” Cyber-Readiness Self-Assessment is an excellent starting point in getting a plan together. This resource helps agencies identify vulnerabilities and create a stronger security posture. And in the event of a breach, time matters. Agencies must notify their E&O and Cyber carriers immediately, follow breach protocols, and document every step taken to mitigate the issue and remain compliant. 

To help agencies secure coverage that fits their cybersecurity needs, OIA has partnered with Arlington/Roe & Co., Inc. to offer members access to a specialized cyber protection program. This includes support tools, breach response coordination, and expert guidance before, during, and after a security incident. 

The bottom line? Cyberattacks are rising, and insurance is a prime target right now. No matter the size of your business, staying agile and prepared is essential to protect your clients, your brand, and your future. 

For more information or to get help preparing your agency, contact Jeanie Giesler, Resource Center Advisor, at (614) 552-3054 or via email at jeanie@ohioinsuranceagents.com.  If you’d like to learn more about OIA’s Cyber program, contact Stacy Rosenthal, E&O and Cyber Account Executive, at (614) 552-3058 or via email at srosenthal@ohioinsuranceagents.com.

About the Author

Jeannine Giesler, CISR, CPIA, and past President of the OIA Board of Directors, Foundation for the Advancement of Insurance Professionals, currently serves as Resource Center Advisor for the OIA. The purpose of the Resource Center is to contribute to building a comprehensive library of resource materials for our members. We pride ourselves on being the one-stop shop for all OIA members and work to solve every problem or situation you may come across.

 

 

Sources: 

Allianz Life data breach affects majority of 1.4 million U.S. customers, insurance company says
Written by: CBS News, July 26, 2025 / 5:20 PM EDT AP 

Insurance Industry in the Cyber Crosshairs: Firms Urged to Reinforce Defenses
Written by: Gia Snape, Insurance Business

4 Things You Should Do If Your Carrier Has Been Hacked
Written by: Will Jones, Big “I”

BLOG ARCHIVE
Tags
advocacy agency merger agency nation agency ownership agency valuation agent story awards blog claims commercial insurance content marketing coronavirus coverages COVID-19 customer experience cyber insurance cyber threat data data breach digital marketing E&O e&o coverage election errors and omissions hiring & training IACON17 Independent Agent insurance insurance companies insurtech legislation marketing mission matters next-gen ohio supreme court oia perpetuation personal lines professional development recruiting risk management social media technology valuation wahve

Success Starts Here

Sign up for our newsletter today!

This is an OIA member benefit, please log in to confirm your membership before signing up! Not a member? Contact Andrea Heiss at andrea@ohioinsuranceagents.com!