Insurers Digital Transformation and Expanding Cyber Risk Considerations

Insurance consumers are more digitally connected than ever. Coupled with the enormous amounts of sensitive data insurers hold on customers, data theft risk in 2021 is escalating.

The Covid-19 pandemic has accelerated major shifts in insurance consumer expectations and behaviors. Digital use has skyrocketed. In response, insurance companies have reimagined and rebuilt the value delivery chain to cut costs, retain customers and adapt. Examples include everything from self-service kits and usage-based offerings to work-from-home staffing and the accelerated digitalization of distribution and claims. While some shifts are short-term, others such as digital models are here to stay.

This rapid pace of change in the digital space is making cyber risk harder for insurers to manage. In the first half of 2020 alone, the FBI and Interpol reported digital crime up 75 percent. The consequences for insurers are significant. Financially, the cost of a data breach is approaching $6 million. Strategically, loss of customer trust after a data breach could severely impact retention, differentiation and growth plans. As insurers continue to digitalize their operations, adopt cloud, AI and IoT, and rely on more partner technologies, attackers keep moving to exploit the point of least resistance.


Share of insurers that may be vulnerable to web skimming, based on a non-intrusive client-side data theft analysis

Average cost of a data breach within the financial services industry, including insurance

Year-on-year increase in compromised records in 2020, with over 37 billion records compromised last year

Hackers target the client-side web app and web supply chain

The point of least resistance may now reside on the client side of web applications and sites. A recent 2021 Ensighten study showed that nine in ten (88 percent) insurance companies may be at risk of client-side data theft. Several hacker groups have employed techniques targeting the hard-to-defend client-side web attack surface. Insurance websites incorporate JavaScript code coming from multiple sources, including open source, third-party libraries and web services (web supply chain). Hackers typically infect an insurance company’s website via JavaScript injection. This malicious code, designed to siphon data to criminal sites, is loaded into the browser at runtime and presents significant risk with full access to web page data. This technique is especially challenging for insurers because it bypasses server-centric security models.

Data breach incidents reported within financial services in 2020, according to the Verizon DBIR

Share of data breaches in financial services that were financially motivated; 77% involved personal data

Client-side data breach and compliance risks

One of every two data breaches is the result of hackers according to a Ponemon 2020 study. With the web browser now a highly targeted attack surface, insurance companies are extending their server-centric security perimeter to the web browser to address several client-side vulnerabilities:

CSS injection

This vulnerability involves arbitrary (i.e. malicious) CSS being injected into an insurer’s website at runtime. Injected CSS can be used to extract sensitive data from the page.

Formjacking/web skimming

Formjacking mimics real-world card skimming. Malicious formjacking code secretly captures data, such as login credentials, payment details and PII, as your customer submits it in an online form. The data is then transmitted to a criminal destination. Kaspersky detected 510,000 unique web skimmers used across industries in 2019 and a 187% year-over-year growth in web skimming attacks.

Data leakage

The transmission of data to an external recipient or destination, whether or not that destination is authorized, occurring either accidentally or with malicious intent.

Keyloggers

Keyloggers are a type of monitoring software designed to record the keystrokes a user makes. Keystroke loggers record the information your customer types into your website and send it to attacker-controlled sites.

JavaScript injection

Insurance websites utilize a heavy amount of JavaScript. JavaScript, both server and client side, makes user experiences dynamic. Because this code has access to data shared during a customer’s online session, hackers look for ways to covertly inject malicious code to read and steal data.

HTML tags and piggybacking

Tags are used to facilitate the collection and sharing of data between a website and third-party technologies. Tag code, delivered at runtime, instructs the browser to send data to third parties and allows third parties access to data collected on the site. This risk is further compounded when third parties include tags for their partners (piggybacking).

Man-in-the-Browser (MitB)

The hacker first finds a way to infect the customer’s device. Once infected, the malware installs itself on the browser without the customer’s knowledge. The malware then records data sent between the customer and insurer and transmits it to a criminal site.

JavaScript injection via third-party web supply chain

Hackers infect an insurer’s web supply chain via JavaScript injection to covertly penetrate the online experience and steal information. Third-party technologies and services enhance the customer experience by adding features such as chat, payment and analytics. The underlying JavaScript code originates from third parties or, worse, their extended ecosystem and loads at runtime, making it hard for insurers to examine and validate.
