APIs are at the core of today's digital services. Insurance companies worldwide are developing,
However, as with anything that experiences rapid growth, it does not come without its challenges. The growth of APIs opens the doors to a plethora of new security challenges by expanding the attack surface to malicious actors. These bad actors are tenacious and are always on the hunt to find new and unexpected ways to attack organizations. In the past, organizations believed that proper authentication to interact with an API was enough of a deterrent to send attackers elsewhere. According to Salt Labs data, however, findings show that
Despite the fact that the API ecosystem has grown rapidly across every industry globally, the insurance industry is at more risk than others, putting it at the top alongside financial services and retail industries. This piece will explore the rise in API attacks within the insurance industry and further iterate the work software and security industries have to do in this area as bad actors are constantly hard at work taking advantage of the current lack of security.
Times have changed and gone are the days of calling insurance brokers to set up policies. Today, consumers have different expectations and expect to buy, set up, renew and claim on their insurance all in one place - online. Similar to the financial services industry, the insurance industry relies heavily on APIs to supply services and move the dial on business innovation. While the adoption of microservice based architectures and use of APIs has propelled the industry to the modern ages, it is not without its challenges.
In order to keep up with customer demands, insurance companies must process and share sensitive customer data with a myriad of third parties all while ensuring their customers have the ability to access, change and submit their information instantaneously through websites and their mobile applications. This new landscape has placed APIs at the heart of insurance, poses new security challenges and shines a spotlight visible to malicious actors looking to exploit. In fact, according to survey respondents from
Malicious actors are hard at work and increasingly targeting insurance APIs and findings from Salt Security's State of API Security for Financial Services and Insurance, reveal a staggering 244% increase in unique attackers in the first and second halves of last year.. Whatsmore, a shocking 27% of respondents admitted that they had recently experienced a sensitive data exposure or privacy incident, and 17% had experienced an API sourced security breach.
The transformation to API-first architectures and workflows is helping insurance organizations stay competitive and innovate at an extraordinary pace. .While this is advantageous for the industry, it unfortunately provides hackers with a more easily accessible attack surface, presenting a low barrier to breach in most cases. This expanded attack surface enables threat actors to compromise insurance claims, access and steal account information, engage in fraudulent activities or transactions, and ultimately disrupt services. In addition, and similar to financial services organizations, insurers face the same compliance and regulatory obligations. An API attack can not only result in hefty fines, but reputational damage as well which can cost them the trust of their customers.
Given the rise in attacks, and the costs associated with API