Cyber Threats are Escalating in Insurance: What It Means for Carriers

The insurance industry has become a prime target for cybercriminals. As attackers advance beyond fintech, retail and entertainment, they’re increasingly focusing on insurance—an industry that touches nearly every U.S. household. Insurers who may not feel prepared to combat today’s hackers can benefit from learning about solutions that are available to help mitigate the risk of business disruption and additional expense.

Cybercriminals are capitalizing on infrastructure weaknesses unique to the insurance sector: outdated fraud defenses, fragmented systems and underinvestment in cybersecurity. A lack of consistent investment in protective measures against cyberattacks leaves the entire insurance sector and its stakeholders vulnerable.

Current Trends in Insurance Carrier Cyberattacks

Recent cyberattacks on insurance companies have made headlines—and the trend shows no signs of slowing.

In February 2025, SecurityScorecard.com issued a research paper with alarming data. Out of 150 companies, 42 (28%) experienced at least one publicly reported breach, resulting in a total of 64 breaches. Of those 64 breaches, approximately 59% involved third parties. The findings underscore systemic risks of insurance carrier cyberattacks. The report suggests insurance companies’ reliance on multiple, disconnected technologies, along with deep layers in the industry supply chain, creates critical vulnerabilities.

Cybercriminals are targeting insurers' data, possibly to also leverage that data to fuel future attacks. Once accessed, sensitive data can potentially be repurposed to identify vulnerabilities in other industries and organizations.

As cyber threats escalate, top U.S. insurance carriers are turning to LexisNexis® Risk Solutions to voice their concerns—and we are prepared to address them. The LexisNexis® ID Compass platform, which includes identity and fraud solutions, helps insurers stay ahead of bad actors by bringing together advanced digital identity intelligence, behavioral insights and global shared data to better spot and stop fraud in real time.

What Types of Insurance Cybercrimes Are Expected?

There is significant activity such as IP address and VPN obfuscation from international cybercriminals pretending to be based in the U.S. Bots are also targeting front-end workflows to access personal identities. Lastly, surges in call center and help desk attacks are increasingly common, driven by social engineering schemes that exploit Voice over Internet Protocol (VoIP) and ported phone numbers. 

These are the types of attacks putting pressure on insurers today, many of which exploit gaps in identity and fraud prevention systems:

• Application Fraud – Fraudsters create accounts using synthetic identities from stolen personal information, fake details or a combination of both.
• Ghost Broking – Fraudsters purchase insurance with false details or create false documents that appear to come from legitimate providers.
• Account Takeover – Fraudsters use credential stuffing or bot attacks to gain access to policies to steal sensitive information or route claims payments to themselves.
• Claims Fraud – A claimant invents a claim or adds unassociated individuals to a claim.
• Tech Support Scams – Fraudsters use social engineering and spoofing technology to take over accounts or create new policies.

The threat of business disruption is real. This nefarious activity results in data leaks, breaches, litigation and settlements at great cost to the insurance market. The new reality requires insurance carriers to be more vigilant and adopt aggressive, protective security measures to plug vulnerabilities.

Insurers need to protect every step in their workflow from cyberattacks. Protective measures, however, become ineffective if gaps exist across the business. Addressing these risks with credible solutions allows organizations to maintain focus on protecting their entire operation. At the same time, insurers want to deliver a smooth customer experience.

How Can Insurance Companies Insulate from Cyberattacks?

Fighting insurance digital fraud while delivering an exceptional customer experience is a balancing act that can be difficult to perform. An effective fraud and identity mitigation strategy can contribute to near-seamless customer experience with just the right amount of friction. Identity authentication and protected access to internal systems are paramount to fraud prevention.

Through the LexisNexis ID Compass Platform, we offer a multi-layered suite of solutions that combine physical, digital and behavioral identity intelligence across the insurance ecosystem. The products weave into the fabric of daily insurance workflows so consumer identities can be more accurately verified and authenticated in real time, without business disruption or challenges to the customer experience.

Our suite of solutions includes LexisNexis® ThreatMetrix®, which leverages shared global intelligence from millions of daily consumer interactions, including quotes, payments, online account registration, logins and claims. ThreatMetrix helps stitch together a customer’s true digital identity by analyzing the myriad connections between devices, locations and pseudonymized personal information. ThreatMetrix leverages multiple ways of distinctly identifying user devices and attributes to help resolve unique digital identity for consumers. The product profiles all devices that access a website to assist in scoping out signals of high fraud risk, such as malware, bot activity, remote access trojans, and other potential attack vectors.

Available with ThreatMetrix is LexisNexis® BehavioSec®, a behavior intelligence solution that helps differentiates legitimate users from bots and cybercriminals. Behavioral biometrics, such as keystrokes, mouse movements, pressure points and swipe patterns, are analyzed to reveal patterns of behavior that help indicate authentic users, as well as behavioral anomalies and outliers that indicate high fraud risk.

These featured products—and others in the LexisNexis® ID Compass suite of solutions—help insurance carriers mitigate the risks of cyberattacks and protect every segment of their supply chain. LexisNexis Risk Solutions creates a customized and guided approach to protect your business. We start with an analysis of your current measures followed by incorporating verification and authentication solutions to each area of your workflow for optimal insurance digital fraud mitigation.

Reach out to LexisNexis Risk Solutions for a conversation about building an identity fraud mitigation strategy to help protect your business.