The threat of cyberattacks is increasing sharply. Now, Zurich Insurance's Japan subsidiary has been attacked, with hackers stealing sensitive customer data.

Almost every company in the financial industry is subject to cyberattacks. One popular approach is to exploit loopholes in corporate processes, known in hacker circles as business process compromise where cybercriminals specifically look for logic errors that they can exploit for their nefarious purposes.

Another rich source is identity theft. Here, hackers steal sensitive data stored on collaboration tools such as Slack, Teams, One Drive, and Google Drive.

Japan Data Leakage

Such attacks on corporate IT infrastructure are on the rise worldwide, with Swiss insurer Zurich the latest victim. According to a report by «Inside IT» (in German), a data package from Zurich Insurance Japan surfaced for download on a hacker forum on January 8. According to the entry, data on 2.6 million customers was captured, including names, email addresses, customer IDs, and dates of birth.

Zurich's Swiss media office told finews.com that only 757,463 customers of a local car insurance product were affected due to a data leak at an external service provider. It said there were no indications customer data outside Japan was affected.

Controversial Insurability

Recently, Zurich CEO Mario Greco said cyberattacks were becoming «uninsurable» due to their impact on every corner of modern life. He called for the creation of private-public systems to insure cyber risks similar to what some countries do for earthquakes or terrorist attacks. The irony the Japanese subsidiary of the insurer itself has now become a victim of a hacking attack is inescapable.

According to studies, which companies are attacked by what method is related to the size of the company. As defensive measures, vulnerability scans are often regularly carried out and simulated attacks are conducted.

War Exacerbates the Situation

The World Economic Forum's Global Risk Report 2020 cited the collapse of information infrastructure and large-scale cyberattacks as the biggest risks. After the sanctions imposed by the West on Russia, the situation worsened, with experts predicting a further increase in cyberattacks on key infrastructures.

The global financial markets are not immune to these risks, and there is massive potential for the disruption of key financial services. Clearly, financial institutions must therefore invest in cyber defenses to ensure that important financial services are not disrupted.