A new report highlights how cybersecurity gaps threaten the critical services and confidence of policy holders, according to Securityscorecard.

Of the 150 main insurance companies involved in third -party attack vectors, 59% critical vulnerabilities exhibited in the sector supply chain, more than double the global industry average of the 29% industry. Third -party software and caused 50% of these violations.

The findings underline the systemic risks raised by cyber threats for an industry responsible for safeguarding financial and confidential financial information.

The interconnected network of operators and reinsurers of the insurance industry to the runners, the claims processors and the specialized providers of IT is essential to provide services, but introduces significant cyber risks.

“The dependence of technology insurance companies to manage daily operations has exceeded its ability to ensure,” said Andrew Corll, senior director of cybernetic insurability. “Cyber ​​risks do not stop in the first defense layer: they extend deeply in the supply chain, where vulnerabilities are more difficult to detect and even more difficult to mitigate. Addressing these risks requires a change in how the industry prioritizes third party safety. “

Insurance companies were disproportionately affected by third -party infractions, said Securityscorecard.

Although the operators constituted around 27% of the total sample, they represented 50% of the companies hit by third -party incidents. The report discovered that more than half (56%) of companies had at least one credential committed in the last two years.

Malware infections and device commitments affected 17% of companies last year.

The smaller cyber risk factors for the sector are the safety of the application, the health of the domain system and network safety. DNS health is rarely located among these factors.

Some processable ideas so that the insurance sector strengthens its supply chain:

• Strengthen third party risk management. Transporters face high third -party risks due to the dependencies of low score industry, including IT suppliers and corridors. Give yourself in high -risk partners to reduce vulnerabilities and address frequent violations and credential commitments.
• Make sure suppliers have their own effective TPRM programs. The risks of the fourth party of suppliers of suppliers are critical but are often lost. Make sure suppliers have strong TPRM processes to close the supply chain gaps and avoid violations such as the Moveit campaign.
• Avoid paying ransomware demands. Paying bailout encourages attacks, risks legal problems and does not guarantee recovery. Avoiding payments helps dissuade criminals and protects the broader ecosystem.