Cybersecurity For Insurers: Triple-I And Fenix24 Spotlight Recovery Gaps, MFA Risks, And Patch Pressure


A Growing Market Encounters A Tougher Threat Cycle

Cybersecurity for insurers has become a storm-prep issue. The question is no longer whether carriers have a plan. The question is whether that plan holds when the storm arrives and systems fail, email stops, and business operations stall. A new report from Triple-I and Fenix24 finds that insurers have strengthened key controls, but important gaps remain in ransomware recovery, patch management, and defenses against business email compromise. The market context raises the stakes. The report says the cyber insurance market reached $15.3 billion in 2024, and projects growth to $16.3 billion in 2025.

Meanwhile, ransomware continues to drive major insured losses. However, business email compromise and funds transfer fraud generated a larger share of reported claims in 2023, 56 percent, compared to 19 percent for ransomware. The report also notes that business interruption accounts for about half of the $1 million average cost of a ransomware incident.

Sean Kevelighan, CEO of Triple-I, frames the issue clearly. “Insurers occupy a paradoxical position in the cybersecurity landscape,” he said. “They assess cyber risk for policyholders and establish security requirements as conditions of coverage, yet they also need to demonstrate their own cybersecurity practices meet or exceed evolving standards.” That tension shapes the whole report.


Preparation Above Perfection

The report is built around a practical idea: focus on preparation, not perfection. The authors point out that there is no perfect solution. Instead, they encourage insurers to test their recovery plans, make faster decisions, and keep improving their security controls.

The report also points out the need for balance. Insurers need strong security, but they also have to serve customers and keep daily operations running. Adding more restrictions can make systems safer, but also harder to use. The report calls for “safe transactions without adding excessive friction to customer experience.” Every insurer faces this challenge.

Immutable Backups Need Real Recovery Testing

One of the main findings is about immutable backups. The report says most insurers use them for important systems like cloud storage, databases, email, file servers, network settings, SaaS apps, and core infrastructure. This is good news for cybersecurity, since having reliable backups is key to recovering from ransomware.

The challenge comes during testing. Many insurers say they can meet recovery time goals for their most important systems. However, the report warns that these tests often happen in perfect conditions and may only cover one system at a time, not the whole network. This creates a big blind spot. In a real ransomware attack, things are messy—systems are connected, identities may be damaged, and there is pressure to get the business running again.


Mark Grazman, CEO of Fenix24, makes this clear in the press release. “Most organizations have tested their recovery plans for natural disasters or standard IT outages, but not for ransomware attacks.” He also says attackers “systematically target and destroy infrastructure including Active Directory, identity systems, virtual machines, hypervisors, and even core communications like email.” This shows why testing just one system at a time is not enough.

MFA And Identity Controls Still Need Hardening

On credentials and access management, the report says that all participating insurers use password vaults and strong password-complexity rules. User passwords average more than 13 characters. All respondents also require MFA for administrative accounts. Those are meaningful strengths.

However, the report also points out some weaknesses that need quick action. It recommends banning less secure MFA methods like SMS, phone calls, email confirmations, and device push notifications, since attackers commonly take advantage of these. The report also suggests reducing single points of failure, such as domain-linked SaaS accounts, by using segmented identity systems to limit risk across the whole network.

This is important because identity is now a key target in attacks. If attackers get privileged access, they can turn off defenses, move through the network, and stop recovery efforts. The report sees strong identity protection as a basic requirement, not just an extra layer.


Attack Surface Management Demands Everyday Discipline

The section on browsing controls shows how small decisions can lead to bigger risks. Most insurers let employees use several web browsers, which increases the attack surface and the need for regular patching. Most also use DNS filtering and block peer-to-peer sites and webmail, which helps limit attacker access and makes browsing safer.

Split tunneling is a risk area. Some insurers let employee internet traffic bypass VPN encryption. That may improve user experience. It also increases exposure to phishing, malware, and man-in-the-middle attacks, according to the report. The authors do not present a universal ban. They call for a clear understanding and strong mitigation wherever companies choose this model.


Patch Management Faces A Speed Test

Patch management may be the most urgent issue. The report says all insurers use automated patching systems, but only about half install security patches every month. This slow pace can leave them exposed, since threat actors often use new exploits within hours or days. The report recommends speeding up patch cycles, testing emergency patching, and having clear rules for quick decisions during zero-day threats.

The same section praises penetration testing of help desk teams, including social engineering. Attackers now routinely exploit human workflows rather than solely technical flaws. The report cites help desk attacks linked to groups such as Scattered Spider. This supports the argument: operational discipline now matters as much as technical tools.


A Clear Message For Insurer Security Leaders

The report ends with a clear message: resilience comes from tested recovery plans, strong identity controls, better patch management, and ongoing improvement. As it says, “The difference between resilience and disaster lies not in perfect prevention but in systematic preparation, validated recovery capabilities, and organizational commitment to continuous security improvement.” For insurers, this advice is timely. Now, cybersecurity depends on showing recovery strength before the next real crisis hits.

FAQ – Cybersecurity For Insurers: Key Risks In MFA, Patch Management, And Business Email Compromise

1. What Is The Triple-I And Fenix24 Report About?

The report examines cybersecurity for insurers and highlights strengths, gaps, and priorities across the insurance sector. It focuses on ransomware recovery, MFA, patch management, browsing controls, and cyber resilience.

2. Why Does Cybersecurity For Insurers Matter?

Insurers manage sensitive data, support critical business functions, and assess cyber risk for policyholders. Strong internal security helps protect operations, trust, and regulatory confidence.

4. Why Are Immutable Backups Important For Insurers?

Immutable backups help protect data from tampering or deletion. They play a central role in ransomware recovery and broader cyber resilience planning.

5. What Does The Report Say About Recovery Testing?

Many insurers test recovery under ideal conditions or on a single system. The report recommends full network recovery testing to better reflect real ransomware events.

6. How Does MFA Affect Cybersecurity For Insurers?

The report says all participating insurers require MFA for administrative accounts. Some still allow weaker methods like SMS or email confirmation, which attackers can exploit.

7. What Is Business Email Compromise And Why Does It Matter?

Business email compromise is a form of email fraud that can lead to stolen funds or fraudulent transfers. The report says BEC and funds transfer fraud made up 56 percent of reported cyber claims in 2023.

8. What Does The Report Say About Patch Management?

All participants use automated patch deployment systems. Still, only about half deploy security patches monthly, even though attackers often exploit new flaws within days.

9. How Does Split Tunneling Increase Cyber Risk?

Split tunneling allows internet traffic outside VPN protection. The report says that can raise exposure to phishing, malware, and man-in-the-middle attacks.

10. What Is The Report’s Main Message For Insurers?

The report urges preparation over perfection. It recommends realistic recovery testing, stronger identity controls, faster patching, and continuous security improvement.
