Insurance Industry Faces Rising Third-Party Cybersecurity Risks

Third-party vulnerabilities plague the insurance industry as 59% of breaches involve external partners, SecurityScorecard analysis finds.

By: R&I Editorial Team | February 13, 2025

A comprehensive study of 150 insurance-related companies reveals significant cybersecurity vulnerabilities in the industry’s supply chain, with 59% of reported breaches involving third parties and 23% of firms showing concerning security weaknesses, according to an analysis by SecurityScorecard.

The insurance industry’s cybersecurity landscape presents a complex picture, with both strengths and areas of concern, according to the report. On average, the insurance sector maintains a security score of 86 out of 100, placing it on par with other critical industries such as energy and aviation. This performance is encouraging, as it surpasses the global mean of 83 across more than 12 million organizations, according to SecurityScorecard.

A closer look at individual company ratings reveals that 77% of the 150 insurance firms analyzed boast strong or good security postures. However, this leaves a significant 23% with concerning weaknesses.

“Our analysis of the insurance industry’s security posture offers a mixed picture. Average security scores match those of other industries, yet 23% of companies have unsatisfactory ratings, which raises concerns,” the report noted.

Security Performance by Industry Segment

Within the insurance sector, a clear three-tier hierarchy has emerged in terms of cybersecurity performance, SecurityScorecard found. At the top tier, insurance carriers and reinsurers lead with impressive mean/median scores of 89/90 and 86/89, respectively. The middle tier consists of third-party claims administrators, scoring 86/88. At the bottom tier, agencies/brokers and insurance IT providers both score 83/85.

This stratification appears to correlate strongly with regulatory scrutiny, according to SecurityScorecard. Insurers and reinsurers, subject to stringent oversight and solvency requirements, demonstrate more mature cyber security practices. Their position at the core of the industry, coupled with the financial risks they manage, likely fosters a stronger risk management culture, the report’s authors reason.

In contrast, agencies, brokers, and IT providers face less regulatory pressure, which may contribute to their lower security scores. These segments often have larger attack surfaces due to their customer-facing nature or complex IT environments, potentially increasing their vulnerability to cyber threats, the report noted.

Geographic Variations

Cybersecurity performance in the insurance industry shows notable regional differences. Companies in the Americas and EMEA (Europe, Middle East, and Africa) regions demonstrate stronger security postures compared to their counterparts in APAC (Asia-Pacific). The Americas boast a mean/median score of 86/88, while EMEA closely follows with 87/87 and APAC lags behind with 84/85.

Within APAC region, the security ratings varied widely. For example, Australian companies ranked 92/90, Indian companies ranked 90/90, Japanese companies ranked 88/88 and Chinese firms ranked 79/79, the report noted.

“Chinese businesses already pose inherent third-party cyber risk due to Chinese government-sponsored cyber espionage. Now these lower security scores add another layer of concern for foreign partners,” SecurityScorecard stated. “The weaker security postures of Chinese insurance firms could unwittingly expose their overseas counterparts to third-party breaches and network compromises.”

Growing Third-Party Risk Challenge

The insurance industry is facing a mounting cybersecurity challenge, with a significant number of companies falling victim to data breaches. Recent industry analysis reveals that 28% of insurance-related companies experienced at least one publicly reported breach. This translates to 42 out of 150 top companies worldwide, highlighting the pervasive nature of the threat.

More alarming is the frequency of multiple breach incidents. Of the affected companies, 12 experienced two or more breaches, indicating persistent vulnerabilities or targeted attacks. One company even reported six separate breach incidents, underscoring the relentless nature of cyber threats in the sector, the report noted.

Perhaps the most concerning trend is the prevalence of third-party involvement in these breaches. A staggering 59% of all reported breaches involved third parties, either compromising another organization’s infrastructure or data, or reaching the target via a vendor or another third party. This rate surpasses that of any other industry analyzed, including top U.S. federal contractors, and far exceeds the global cross-industry baseline of 29%.

Insurance carriers, which typically maintain higher security scores, were disproportionately affected by third-party breaches. While carriers comprised about 27% of the total sample, they represented 50% of the companies hit by third-party incidents, SecurityScorecard noted.

“Ransomware is the top threat to the insurance industry, exceeding its dominance in most other sectors. Every attack tied to a known threat actor involved ransomware,” the report stated.

View the full report here. &

The R&I Editorial Team can be reached at [email protected].

The Green Transformation: How Philadelphia Insurance Bolsters Companies Seeking Alternative Energy Solutions

Wind, solar and geothermal energy solutions are rising in popularity among insureds. Initiatives in this green transformation have environmental underwriting support from the experts at Philadelphia Insurance Companies.

By: Philadelphia Insurance Companies | March 3, 2025

Businesses know the green transformation is well underway, and they are preparing in the best way possible: by working with their environmental insurance partners to get ahead of risk and keep informed.

“Green transformation” is more than a climate shift or weather patterns; it’s a social transference to more environmentally sustainable energy solutions like solar, wind and geothermal sources.

“As companies invest in green transformation, and begin shifting their business models away from exclusive investment, use, or support of traditional energy sources like petroleum and coal, they are starting to look at the alternative energy space,” said Jamie Langes, Vice President of Environmental Underwriting for Philadelphia Insurance Companies (PHLY).

“Insurance can champion this repositioning by supplying financial support needed to companies engaged in green transformation through policies and programs.”

This is a promising growth area for environmental insurers and their clients—one that insurers are increasingly willing to support and help free up capital. Here’s a deeper look at businesses’ interest in green transformation, the potential underwriting challenges of alternative energy solutions and the grounds for a good partnership.

A Bigger Interest in Green Transformation

Jamie Langes, Vice President of Environmental Underwriting, Philadelphia Insurance Companies

There are plenty of reasons why companies are looking at green and alternative energy solutions. Sustainability is a big reason, as is the profit motive.

Insurance companies are looking at this shift with interest, with some carriers even reducing support for traditional energy sources to help bolster investment opportunities in green energy.

“In the insurance sphere as a whole, carriers are actively engaged in identifying strategies to deploy their capacity, and making conscious determinations regarding coverage offerings that as a marketplace, we have committed to allot to green transformation,” Langes said of carrier interest.

Green energy is important for businesses’ future as it provides a renewable source of energy. As interest turns toward utilizing the big three—solar, wind and geothermal—so too does the financial support to sustain these endeavors.

“The more companies dive into green transformation, and the more insurers support those operations fiscally, we’re projecting this could easily set a market pace in the billions in a very short time,” Langes said.

How Insurance Supports Green Transformation

Venturing into green energy should not be done lightly; that’s why it’s important to work with an environmental underwriting team that has its finger on the pulse of green transformation.

Businesses looking into alternative energy require support from the insurance marketplace in order to secure adequate liability transfer, as well as limit rising risks. Insurance plays its role by supplying financial support to these companies engaged in green transformation to be able to function.

“Insurance capacity is growing, and rate is supporting new ventures from a balance of coverage and premium,” Langes said.

Insurance further provides a risk management perspective that helps sustain start-up costs and exposures for liability. Having the backing of an experienced underwriting team can be the difference between sound risk management and coverage and failure to launch.

“Green transformation is being leveraged as one component of our environmental approach,” said Langes, “and with [PHLY’s] expertise and experience, that approach is finding new ways to do business—including collaboration and a long-term vision, which embraces our role as a financial vehicle for progressing and assisting green transformation and technology through insurance.”

Traditional and Alternative: An Important Underwriting Balance

There is one thing that a good underwriting team must also review when aiding clients in their green transformation: Underwriting for traditional energy sources has the benefit of historical data to help guide decision-making.

“The insurance marketplace has ample actuarial data to gauge pricing parameters and risk acceptance vehicles from insuring traditional sources of energy long-term. As a result, insurers understand how to write that risk explicitly to make sure they’re able to not only support the business but also have the profitability to support their insureds should there be a claims situation,” Langes explained.

In contrast, “Green energy and design risks don’t have that much value proposition data yet since these exposures are still relatively new in the insurance marketplace as an insurable risk.”

To fully bring about green alternatives, underwriters must lean into this transitional period with a pulse on both sides of the energy aisle. It will take additional considerations during the process, including a review of rates, coverage options and availability, and detailed terms and conditions to best service green transformation companies.

“The businesses have to coexist. Existing traditional energy sourcing companies that are investing in green solar, wind or geothermal will still have their original exposures; just less over time,” Langes said.

“The underwriting challenge, therefore, is that we must underwrite the two dichotomies, green transformation along with traditional, as companies transition forward.”

Environmental Underwriting Experts at Your Service

Insurance is a partnership forged by the insurer’s deep understanding of the insured’s risk management needs. At PHLY, the team is dedicated to better understanding its client partners’ businesses inside and out.

Companies looking to join the green transformation can rest easy knowing that the environmental underwriting team at PHLY applies this same level of understanding.

“We’re proactive in our approach, more than reactive,” Langes continued. “This means that what’s next, what’s new, what our insureds’ needs are, remains at the forefront of our decision making. Investing in green transformation is a fairly new endeavor for many insurance companies, but we, at PHLY, have the advantage that we’re always willing to be engaged in the evolving conversation.”

“We are integrating green transformation options into our coverage positions, investing in these initiatives as we would for any operation,” Langes said.

As part of Tokio Marine Group, its parent company, PHLY can further leverage the insurance experts within the umbrella to evaluate, at the highest level, the societal changes and community interest in green transformation and what clients are looking for from their financial insurance partners.

Further, PHLY has built an environmental underwriting team with tenured experience in the marketplace. But it’s more than that: “We not only have the experience but also the expertise,” said Langes. “Many of our underwriters come from the consulting field, so they also understand the technical aspects of sustainable energy solutions. We leverage that into collaboration, and towards being a resource for brokers to help them support their clients for insurance. Tokio Marine and PHLY bring all of that expertise to the table on products and service.”

This dedication to green transformation has enabled PHLY to have competitive and tailored coverage. Underwriters are paying close attention to companies transitioning to alternative energy solutions, as well as looking at related fields to constantly and consistently remain in the know.

To learn more, visit: https://www.phly.com/ESdivision/es-environmental.aspx

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Philadelphia Insurance Companies. The editorial staff of Risk & Insurance had no role in its preparation.

Philadelphia Insurance Companies (PHLY) offers product-specific resources, alliances, and service capabilities to achieve a multi-faceted approach to risk management, including safety program development, site audits, and training (including interactive web-based training). We offer a wide range of products and value-added services at financial terms to be agreed upon to help you achieve your risk management goals.