Defend Insurance Companies Against Cyberattacks

Cyberattacks against insurance companies are on the rise and attracting increased public attention in the aftermath of the 2015 data breach of Anthem Healthcare, which compromised 78.8 million records and cost the company millions of dollars in both damages and breach-of-privacy claims.

Preventing and recovering from cyberattacks is a serious challenge for insurance company leaders. In a KPMG Global CEO Outlook survey, only 43% of insurance executives reported that their companies were adequately prepared for a cyberattack.

Why are insurance companies prime targets for cyberattacks? Security and identity teams in the insurance industry struggle to defend against cyberattacks because of several factors unique to this business sector:

  • Because insurance companies hold massive amounts of personally identifiable information (PII), their information systems are a prime target for cybercriminals.
  • As insurance companies adopt new online services to improve customer experience, the potential attack vectors for malicious actors expand.
  • Insurance companies are interconnected with scores of other businesses—healthcare providers, auto body shops, home repair companies—increasing the likelihood of supply-chain attacks that gain entry through third-party vendors.



Amount Anthem Healthcare paid to 2015 cyberattack victims for breach of data privacy



GEICO customer driver’s licenses compromised by malicious actors in early 2021



Ransom paid by CNA Financial in March 2021 to regain control of its network  


Active Directory is a common starting point for cyberattacks in the insurance industry

The majority of businesses worldwide use Microsoft Active Directory as their primary identity store—the method by which they control access to company information systems. And Active Directory has inherent security weaknesses that are frequently exploited by cybercriminals. According to security consulting company Mandiant, about 90% of the attacks they investigate involved Active Directory in one form or another. Insurance companies are no exception.

Defending Insurance Companies Against Cyberattack 

Semperis helps insurance companies prevent, mitigate, and recover from identity system-related breaches—before, during, and after an attack.  


Cybercriminals target Active Directory, a 20-plus-year-old technology, because it has inherent security soft spots that are easy to exploit.  


Semperis scans your Active Directory environment to uncover Indicators of Compromise (IOCs) and Indicators of Exposure (IOEs) resulting from misconfigurations over time or from in-progress attacks.


After gaining entry into an insurance company’s information systems, malicious actors can move laterally through the environment, often flying under the radar for weeks or months.


Semperis flags in-progress attacks that go undetected by SIEMs and other traditional log-based or agent-based solutions. Plus, Semperis autonomously rolls back malicious AD changes.  


Cybercriminals can bring insurance companies to a halt, increasing the likelihood of businesses paying hefty ransoms rather than compromising customer data, which can lead to millions of dollars in damages as well as reputational damage.  


Semperis cuts the time to fully recover the Active Directory forest from days or weeks to minutes, ensuring that insurance companies can quickly resume operations without fear of reintroducing malware that could bring the business down a second time.  

“Three reasons for choosing Semperis: Immediate full forest recovery, the ability to create a lab that mirrors production, and the pleasant contract review process.”

Infrastructure & Operations Manager
Large U.S. Insurance Company

“Great product for peace of mind when protecting your Active Directory.” 

—Microsoft Systems Engineer, Infrastructure & Operations, $500M+ Services Company 

 See the full review on Gartner Peer Insights


“The prevalence of ransomware means that companies must deal with the real possibility of a threat actor crippling their entire IT environment—everything, including AD. The idea of having to recover Active Directory from scratch is no longer theoretical. It now must be a critical part of incident response planning. ”

Gil Kirkpatrick
Chief Architect | Semperis

Learn more about how cybercriminals exploit insurance companies’ identity systems

Learn More

Do You Know Your Active Directory Security Vulnerabilities?

The Practical ROI of a Quick Active Directory Recovery

Unlock cyber resilience for insurance companies Request a demo