Insurance companies continue to be targeted in increasingly sophisticated cyber-attacks. In June 2025, Aflac, Philadelphia Insurance, and Erie Insurance were all struck by attacks that disrupted their networks and systems. The following month, Allianz Life suffered an attack involving a third-party vendor where hackers used social engineering to access a cloud-based customer relationship management (CRM) system, putting millions of sensitive personal records at risk. Google’s Threat Intelligence Group suspects that Scattered Spider is behind these attacks, and, while investigations are still ongoing, several multi-million-dollar class actions have been launched against the affected insurance companies.
What This Means for Actuaries:
Like other cyber incidents, these attacks are complex and costly. According to IBM’s 2025 Cost of a Data Breach Report, the global average cost of a data breach is about $4.4 million. It typically takes several years to determine ultimate losses, which could include investigation costs, restoration of operations, new security investments, lawsuits, settlements, heightened regulatory scrutiny, and reputational damage that is hard to quantify.
These events show that the industry remains a prime target for cyberattacks. Insurers hold vast and rich databases that are goldmines of personal information for malicious actors. They are also highly liquid entities with large cash reserves. Therefore, insurers must remain vigilant and continue to invest in and refine internal protective measures.
Actuaries are uniquely positioned to not only help reduce the risk of cyberattacks, but to assess and quantify cyber risk. They have access to, and handle, sensitive data that feeds their analyses and models. Taking precautionary steps such as anonymizing personally identifiable information, or using synthetic data, can help reduce the risk of exposure. Actuaries are also advancing the modelling of cyber risk through cutting edge research. A recent CAS paper published in June 2025, “Cyber Risk: Quantification, Stress Scenarios, Mitigation, and Insurance,” builds on prior work to create a framework for pricing cyber risk. This critical research will play an important role in growing and enabling a healthy cyber insurance space.
Sources
https://www.ibm.com/reports/data-breach
https://www.insurancejournal.com/news/national/2025/06/23/828749.htm
https://thehackernews.com/2025/06/google-warns-of-scattered-spider.html
https://www.casact.org/sites/default/files/2025-06/CAS_Research_Paper-on_Cyber-Risk-Final.pdf
