Credit: Sergey Nivens/Adobe Stock
Third-party attacks are responsible for most data breaches reported by the top 150 insurance companies, according to a recent report by SecurityScorecard.
Fifty-nine percent of breaches involved third-parties, the data showed, while 28% of the top 150 companies reported breaches.
Recommended For You
SecurityScorecard said the top insurers suffered a higher rate of breaches than all of the S&P 500 (21%) companies combined. Breaches at the top insurance companies also outpaced the U.S. energy industry (14%).
“Insurance companies’ reliance on technology to manage daily operations has outpaced their ability to secure it. Cyber risks don’t stop at the first layer of defense — they extend deep into the supply chain, where vulnerabilities are harder to detect and even harder to mitigate,” said Andrew Correll, senior director of cyber insurability. “Addressing these risks requires a shift in how the industry prioritizes third-party security.”
Other key takeaways…
- Insurance carriers were disproportionately affected by third-party breaches. Although carriers made up about 27% of the total sample, they represented 50% of the companies hit by third-party incidents.
- Third-party software and IT caused 50% of the breaches, while cross-industry software and IT accounted for 37% and insurance-specific IT comprised 13%.
- More than half (56%) of companies had at least one compromised credential in the past two years.
- Malware infections and device compromises affected 17% of companies last year.
- The lowest-scoring cyber risk factors for the sector are application security, DNS health and network security. DNS health rarely ranks among these factors.
The global insurtech market peaked at roughly $27.8 billion in 2024 and could reach as high as $239.2 billion by 2033. In the U.S., the sector reached $9.2 billion in 2024 at a compound annual growth rate of 25.3%.
Meanwhile, the cyber insurance market peaked at roughly $17.77 billion in 2024 and is projected to reach $21.67 billion in 2025 at a compound annual growth rate (CAGR) of 22%.
“The cyber insurance market is ever changing with new insurance companies entering the market and others departing,” said Arthur Armstrong, a partner in Reed Smith’s insurance recovery group.
“Likewise, policy forms are continuously evolving to address new and different cyber risks,” he added. “Unfortunately, this has led to more exclusions and sublimits that negatively affect cyber coverage overall.A policyholder should work with an experienced broker to ensure that it is obtaining appropriate coverage with respect to scope and available policy limits.”
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Joe Toppe
Joe Toppe serves as managing editor of PropertyCasualty360.com. Joe is also a father of three, an author, and longtime lover of baseball.
