Protecting from Hack Attack: Annuity Professionals Need Cyber Security and Data Breach Insurance

Share via emailShare on FacebookShare on Twitter

As an insurance agent, you offer a service that will provide your clients and their families with protection against some of life’s unfortunate, unexpected events. But there is one threat that you may not have thought of – and may not see coming – the cyber-attack or a breach of your business data.

Cyber-attacks and data breach events are on the rise for businesses of all types and sizes around the world, and insurance agents are being targeted more recently because of the amount of confidential client data they maintain. This data is of high value to hackers.

The Internet has become commonplace for private and business use. Unfortunately, with the growth of the Internet comes the growth of cyber-attacks – putting us all at risk with increasing fury.

In fact, former legal counsel to the National Security Agency (NSA), Joel Brenner, expressed how this has become a major concern in a 2014 interview by the Washington Post:

“The Internet was not built for security, yet we have made it the backbone of virtually all private-sector and government operations, as well as communications. Pervasive connectivity has brought dramatic gains in productivity and pleasure but has created equally dramatic vulnerabilities. Huge heists of personal information are common, and cyber thefts of intellectual property and infrastructure penetrations continue at a frightening pace.”

In 2012, FBI Director, Robert S Mueller, stated:

“There are only two types of companies; those that have been hacked and those that will be . . . and even they are converging into one category . . . companies that have been hacked and those that will be hacked again.”

Government agencies identify cyber-attacks to be a serious threat to economic and national security. As annuity agents expose themselves more on the Internet through e-commerce and social media, they become more vulnerable to this risk. Hackers can shut down an agent’s network, access the financial and personal information of their employees and clients, and steal sensitive insider business information.

When cyber-attacks make the news, it’s because big companies such as Target, Sony, Home Depot or most recently Anthem Blue Cross and Blue Shield otherwise thought to be invincible, become the victims. The Anthem incident could rank among the largest of all recent attacks and further reinforces that the Insurance Industry is quickly becoming the preferred choice of hackers. While large companies like these are sought-after targets, small businesses can become prey to cyber-criminals as well. As the larger companies dedicate more resources to fight cyber warfare, the bad guys are searching for specific targets that may not have the security safeguards in place to protect their data.

Small Businesses are Vulnerable to Attacks

According to the 2013 survey by The National Small Business Association, 44 percent of small businesses have had a cyber-attack. These businesses, including insurance agents, have become attractive targets because most businesses don’t have the same high profile security measures in place like larger companies, offering the hacker an easier entry.

Across the globe, insurance professionals are being sought out by hackers and thieves for their clients’ personal, financial, and medical information. When this data is compromised in an attack, it can be a critical loss to both the financial stability and credibility of the agent. Under various laws such as HIPAA, agents are held to a higher set of accountability requirements to keep Personal Identifiable Information (PII) and Personal Health Information (PHI) secure in all ways – and not just online.

Remember data breaches are not isolated to business computers. Data breaches encompass any way information is stolen, hacked, or disclosed, including the stealing of a personal laptop or lost phone containing confidential client data, as well as paper documents and files. Responding to a data breach can be more costly than the direct financial impact of the data itself due to the many stages and actions that must take place after an initial discovery of a data breach.

Threat Assessment 

The good news is that even a little prevention can go a long way. Performing a threat assessment can help identify potential risks and vulnerable areas. After the initial threat assessment, protocols should be put in place to make sure cyber security measures are followed at all times.

Cyber security measures to protect your business:

  • Install, regularly update, and use anti-virus and anti-malware software
  • Have firewalls in place and use a secure email server
  • Implement and enforce security protocols and policies that include creating strong passwords, Internet usage, and protection of all paper files
  • Encrypt all electronic files and documents that contain confidential or sensitive customer information
  • Make sure any employees or staff are all trained on and follow data security and privacy best practices
  • Confirm the cyber security of any businesses or vendors that you interact with, especially those conducting financial transactions
  • Have a practiced plan in place for how to respond and recover from a cyber security breach. Know in advance who to call for expert help if you suspect a breach.

There are a number of companies available in the insurance marketplace, including options available to NAFA members in conjunction with National Association of Professional Agents (NAPA) that can help educate, protect, and create cyber security plans for annuity agents. In fact, NAFA and NAPA highly encourage all agents to carry a cyber/data breach insurance policy to insure against the potential liability and high costs associated with the breach. Agents will need to respond quickly to contain the loss, notify those clients affected, and be prepared to pay damages and fines associated with the event.

A well thought out cyber and data breach strategy addresses how to establish proper controls and procedures to protect against the loss of the information. Adequate insurance and a response partner, as part of that plan, will help to deal with the aftermath. Annuity agents can look to NAFA and NAPA for these types of cyber solutions.

Given the warnings, it only makes sense that agents have a comprehensive plan in place to protect themselves and their clients’ data from cyber thieves and cyber liability insurance will not only protect against an attack – but allow you to survive one.


NAPA’s mission is to help insurance companies, financial services companies and independent marketing organizations, provide a comprehensive insurance and benefits package to their agent sales force. NAPA continues to lead the insurance industry, providing one of the largest and most comprehensive benefit offerings, errors and omissions insurance and cyber/data breach programs available to the independent life and health insurance agent. 

Scott Reid has been the Membership Director for The National Association of Professional Agents (NAPA) since it was founded in 1989. He is a leading advocate for both insurance companies and independent insurance agents. Most recently, he has created an enhanced industry awareness of the significance of carrying proper E & O and Cyber Insurance policies to provide protection against the growing industry Errors and Omissions and cyber liability exposures. He works closely with NAFA to provide its membership and premier member companies with comprehensive insurance coverage’s and benefits for themselves as well as their independent sales agents.

Related Articles