Cybersecurity and Insurance: Why Hackers Target Insurance Companies

Malicious hackers may be criminals, but they are also rational.  They want to steal data that has a lot of value and large numbers.  Attacks on retailers and hotels can yield high volumes; the attack on Heartland Systems in 2009 exposed 160 million cards, ten years later hackers stole 106 million records from Capital One, and Marriott lost records on over 500 million customers in 2016, including credit card information on over 100 million.

Those are certainly eye-popping numbers, but what are those records worth?  According to Experian, if the credit cards included a CVV number, they could bring $5 each on the dark web.  Theoretically, these are $500 million breaches.

Now compare that to the Baltimore-based breach at CareFirst BlueCross BlueShield.


You may not remember this 2015 breach on the health insurance provider.  After all, it only yielded about 1.1 million individuals.  Why would attackers target such a relatively low number of records?

Back to Experian – the significance of the attack is the quantity of records times the value per record.  If the CareFirst records included diagnostic codes, employment information, and medical histories, each record could return up to $1,000 – over 200 times the value of a credit card number.  This “small” breach could potentially return more than the Marriott breach.

The type of information available is what drives attacks.  It’s easy to see why insurance companies are attractive targets.  Learn more in our new white paper about cybersecurity for insurance companies.

About Security Compass
Security Compass, a leading provider of cybersecurity solutions, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its flagship product, SD Elements, allows organizations to balance the need to accelerate software time-to-market while managing risk by automating significant portions of proactive manual processes for security and compliance. SD Elements is the world’s first Balanced Development Automation platform. Security Compass is the trusted solution provider to leading financial and technology organizations, the U.S. Department of Defense, government agencies, and renowned global brands across multiple industries. The company is headquartered in Toronto, with offices in the U.S. and India. For more information, please visit