In the past, we’ve discussed the importance of the cyber market, cybersecurity and how cyber threats have become an increasingly significant concern in today’s world. It’s gotten to the point that cyberattacks on insurance companies are increasingly common. Whether it’s your personal information or your business’s, taking the proper steps to keep yourself safe is critical if you’re even remotely online. This is why Cyber Liability Insurance is so vital. However, what happens when these cyberattacks are on insurers?
KPMG is known as one of the Big Four professional service firms. They stated during their 2025 Insurance Conference in Toronto that they are seeing more hybrid attacks targeting both first- and third-party entities, as well as threat actors working together. Let’s take a closer look at what this means for the insurance industry as we know it.
Cyberattacks On Insurers and Third-party Administrators
During a cyber insurance and cybersecurity session at the 2025 Insurance Conference in Toronto, attendees were made aware of cyberattacks on insurers and third-party administrators. In one specific case, two prominent threat actors collaborated to conduct a social engineering attack against employees to gain access to the Salesforce CRM (customer relationship management) platform. This was stated by Mike Rosenlund, the senior manager of cyber defence at KPMG Canada.
“It’s particularly interesting because technically it could be a first-party incident, because you have the employee being abused from social engineering,” Rosenlund says. “Could be a third-party incident, because the entire attack takes place within Salesforce’s SaaS [software-as-a-service], or online solution.”
In a separate attack against Allianz Life, the stolen data “wasn’t necessarily proprietary, highly sensitive insurance data.” However, it still included names, dates of birth, addresses, and payment information. During this attack, at least 1.4 million customers, financial professionals and select employees were believed to be affected.
KPMG Seeing More Attacks Targeting First and Third
According to KPMG, they are seeing “more and more” of these hybrid attacks that may affect both first- and third-party entities.
“They’re also taking two sophisticated threat actors. In this case, one’s a very common ransomware operator and the other one’s a more common initial access broker, or the bad guys that you go to to get access to a company working together to deliver this over and over and over again across industry.”
Ultimately, it comes down to good cybersecurity practices. This helps protect your personal information and devices from cyber threats.
“Most of the attacks we’re seeing and most attacks we’re talking about – be in ransomware, third-party breaches, even social engineering, can often be defeated with solid cyber fundamentals and cyber hygiene,” Rosenlund says. “Cyber hygiene and cyber fundamentals are the name of the game.
When it comes to these cyberattacks on insurers, professionals should look to their supply chain. They should ask themselves how much trust they hold in their security outlook. On top of this, what they’re doing to protect themselves from their own third parties, Rosenlund states.
Cyberattacks On Insurers and The State Of The Market
In most cases, average incident costs for Canadian claims are trending downward, from a high of $2 million in 2022 to $753,000 in 2024, according to Rosenlund. Imran Pira, managing partner and head of complex risk at Jones DesLauriers Insurance Management, agrees.
“That looks a little low to me. That’s a fluid, real-time stat that we’re updating daily…It’s a bit of a moving target,” she exclaims.
According to Rosenlund, this is attributed to better cyber resilience.
“I believe in a lot of cases, it has to do more with the actual ability to respond and then the resilience on the organization’s back-end, so you’re not completely ‘rip and replacing’ everything because of a hardware fault or lack of back-ups.”
Nowadays, the cyber market has come a long way compared to the old days. Back then, many insurers exited their cyber portfolios. According to Pira, they’ve seen more insurers enter the marketplace, taking over vacant books. He added that global insurers are also opening shop in Canada. To add to this, claims frequency and severity are increasing.
“It’s so inexpensive to buy cyber insurance right now, particularly if you work with a good consultant or good broker to position your risk profile in a positive light,” Pira says.
At the end of the day, it has become more critical than ever to have cyber liability insurance. Contact us today or request a quote online below.
Online Risks Are Growing. Keep Your Business Data Safe.
Shield your operations today — get your free cyber insurance quote!
Have you experienced a cyber attack at home? Let's discuss Read more
In the hospitality industry, the satisfaction of your guests is Read more
The New Year is around the corner! Now is a Read more
