Fraud Management & Cybercrime , Fraud Risk Management , Ransomware
Insurer Tokio Marine Hit by Ransomware
Firm Says Singapore Unit Was TargetedTokio Marine, a Japan-based property and casualty insurer, says its Tokio Marine Insurance Singapore unit was hit by a ransomware attack this week.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
The global firm, which provides cyber insurance, says there's no indication of a breach of any customer information or confidential corporate information.
”On 31 July 2021, some of Tokio Marine Insurance Singapore Ltd.’s (TMiS) internal Windows servers were targeted by ransomware, and in response, our IT security systems were activated,” the company says.
The multinational company, headquartered in Tokyo, Japan, is one of the nation's largest insurance holding companies; it employs about 39,000 people in 38 countries.
Investigation Underway
"Tokio Marine Group has been working to identify the scope of damages. We have appointed an external specialized vendor to perform a third-party analysis of the systems to verify scope of impact," the company says.
Although it's unclear how or when the attack unfolded, the company says that upon detection of an attack, it isolated the affected network and notified local governmental agencies.
The company states that none of TMiS’ core insurance operating systems were affected and its regular insurance operations continued functioning without interruptions.
“This incident did not affect our life insurance operations, Tokio Marine Life Insurance Singapore Ltd (TMLS), as they maintain different servers from TMiS. TMLS also took immediate action to screen their servers and adopted additional safeguards to prevent a similar occurrence,” the company states.
A spokesperson for TMiS was not immediately available to comment.
Visibility Is Key
Stephane Konarkowski, security consultant at Outpost24, says insurance security professionals need to have an accurate view of their digital footprint and attack surface.
“As attacks targeting insurance companies increase, visibility is key," she says. "Insurance providers need to better understand the underlying attack vectors that could impact their overall security and take a more proactive approach to improve cyber hygiene by closing off potential backdoors before hackers find them. This can only be achieved through continuous assessment and monitoring.
Jonathan Knudsen, senior security strategist at Synopsys, says the reason so many ransomware attacks are so successful "is that so few organizations are properly prepared. Organizations often focus solely on functionality when selecting, deploying and operating software. They work hard to make software do what they want it to do, but security and robustness are often neglected or ignored. To prevent accidental or malicious disruptions, organizations must adopt a proactive, security-first approach to software.
Targeting Cyber Insurers
Meanwhile, Ryan Specialty Group, an international specialty insurance organization, on Monday disclosed that it had suffered a cybersecurity incident in early April that left certain personal information of some accounts potentially exposed, CyberScoop reports.
Earlier this year, Asia Assistance, a subsidiary of Paris-based multinational insurance company AXA, was hit by a ransomware attack in May that affected its IT operations in Thailand, Malaysia, Hong Kong and the Philippines (see: Ransomware Attack Hits Asian Unit of Insurer AXA).
And insurance provider CNA in March reported that it had been victimized by a "cybersecurity attack" that caused a network disruption and affected certain systems, including corporate email (see: Insurer CNA Disconnects Systems After 'Cybersecurity Attack').
CNA reportedly paid a $40 million ransom after the ransomware attack.