Brought to you by:

Insurers’ data attracts cyber thieves

The insurance industry often discusses how to protect consumers from cyber attacks, but insurers themselves are at risk from information thieves, according to PricewaterhouseCoopers.

Partner Richard Bergman told the recent Actuaries Institute conference cyber criminals with different motivations “trade” with each other to achieve their goals.

A “hactivist” group with a particular ideology may work with an organised crime gang wanting access to databases to steal customer identities.

“Someone will find a way in and sell that to someone else who wants to exploit it.”

State-sponsored hackers search for commercial secrets.

“Data itself is now valuable,” Mr Bergman said. “There is a very sophisticated black market economy on the dark side of the internet, where it is very easy to buy and sell information.”

Market forces are in operation: the US market has an oversupply of stolen credit card data, so its unit price has dropped from $US6-$8 ($6.90-$9.20) in the past year to about $US1 ($1.14).

“Health records are currently very valuable and you can sell one for about $US50-$US100 ($57-$114),” Mr Bergman told insuranceNEWS.com.au after the conference.

Health records may be used for espionage or against high-profile officials, and can usually supply all the information needed for identity theft.

Mr Bergman says insurers are at risk of “insider threat” from rogue employees with legitimate access to their systems.

“The other risk is just the digital ecosystem they operate in. It is very complex, with joint ventures and alliances and multiple countries.”

With more data stored on clouds, it can be hard for insurers to know where information is, but they must be prepared for disruption. A company’s brand will be enhanced if it can respond quickly and well and communicate with customers and media, Mr Bergman says.