Fortifying the Insurance Landscape Against Phishing with Keepnet
The threat landscape constantly evolves, presenting new challenges for businesses and individuals. Among these threats, phishing is a particularly insidious and prevalent cyberattack.
Phishing remains one of the most disruptive threats to the insurance industry, undermining trust, exposing sensitive data, and triggering costly claims. Today’s attacks are not only more convincing but also powered by generative AI. In fact, 60% of recipients fall victim to GenAI-driven phishing, a rate comparable to traditional methods but far harder to detect.
For insurers, this shift signals an urgent need to rethink cyber defense strategies. In this blog, we explore how Keepnet is fortifying the insurance landscape against phishing by transforming human risk into a measurable and manageable defense layer, helping insurers prevent incidents before they occur.
The State of Phishing in Insurance
The insurance sector now sits in the cross-hairs of professional cybercrime crews that have perfected social engineering at scale. Verizon’s 2025 DBIR records 3,336 security incidents and 927 confirmed breaches in the combined Financial & Insurance vertical; System Intrusion, Social Engineering (phishing, pretexting, and BEC), and basic web app attacks together powered 74% of those breaches. FS-ISAC’s Navigating Cyber 2024 review echoes the trend, warning that insurers face a “surging fraud and scam wave” amplified by generative-AI tooling.
Why does it hurt so much? The global average cost of a data breach reached US$4.88 million in 2024—a 10% increase year-over-year. Insurance carriers also feel the pain on their balance sheet: NAIC loss data show that the market-wide cyber loss ratio climbed to 41.6% in 2023 (stand-alone policies ran even hotter at 44.3%). At the claim level, phishing-driven events for SMEs now average roughly US$345,000.
Timing matters: Attackers routinely launch renewal-themed lures, “It’s time to review your policy” emails or calls, knowing that legitimate policy-review traffic peaks each quarter. They also strike in the chaotic aftermath of natural catastrophes, when customers rush to file claims and are less vigilant; the National Insurance Crime Bureau estimates that fraud touched 10% of the US$93 billion in 2023 catastrophe losses.
Together, these windows create lucrative entry points for credential theft, funds-transfer fraud, and data-exfiltration schemes that erode underwriting margins and brand trust.
Common Payloads
Phishing campaigns against insurers rarely stop at a single email. Typical payloads include:
- Invoice-fraud e-mails spoofing brokers or adjusters to reroute indemnity payments.
- Malicious attachments (macro-laden loss-run spreadsheets, claimant photos) that side-load remote-access trojans.
- Credential-harvesting portals mirroring agent portals, policy-holder dashboards or catastrophe-claim intake pages—often delivered via QR codes or “push-to-verify” MFA fatigue attacks.
Each vector is fine-tuned to exploit high-trust, high-speed workflows where a 30-second lapse can pivot straight into policy-admin systems or claims-payment rails.
Human Risk Hotspots
Phishing succeeds because specific roles sit closest to money, data or customer contacts:
- Claims adjusters & catastrophe teams — forced to process large document sets under strict time pressure after storms and fires; attackers exploit urgency to slip in malware or fake wire instructions.
- Contact-center representatives — voice, SMS and e-mail scripts aim to harvest authentication tokens or trigger password resets for policy portals.
- Independent agents & BYOD users — many operate on personal laptops or mobiles outside corporate EDR coverage, and Verizon records unmanaged-endpoint credential leaks in 46% of infostealer logs.
Keepnet bridges this critical gap by embedding human risk management into the insurance process. Through targeted phishing simulations and behavior-based training, insurers can transform vulnerable users into a strong first line of defense—reducing exposure and reinforcing trust across the policyholder base.
For a deeper look at how to manage and reduce human-centric cyber risks, explore our strategic guide on End-to-End Human Risk Management.
Regulatory & Compliance Pressures
Across every major rulebook, “reasonable assurance” now means evidence that staff can spot and stop a phishing attempt—not just that a policy exists.
- GDPR / UK ICO accountability framework treats security awareness as a living control: all employees must receive role-relevant, regularly refreshed training and organisations must monitor and prove its effectiveness. 
- The NAIC Insurance Data Security Model Law obliges carriers and agents to “develop, implement, and maintain an information-security program” based on continuous risk assessments—state examiners can demand proof that phishing defences are working in practice. 
- PCI DSS v4.0 raises the bar with Requirement 12.6: security-awareness programs must cover phishing, social engineering and emerging threats, be reviewed at least annually, and include measurable learning outcomes. 
- The UK PRA Supervisory Statement SS2/21 links outsourcing, data security and operational resilience: insurers must show that critical third-party and in-house services can withstand cyber-attacks, specifically citing the need for controls around data security and business-continuity testing. 
Collectively, these frameworks convert best-practice phishing simulations, near-real-time training nudges and board-level reporting from “nice to have” into regulatory hygiene. Insurers that cannot demonstrate a closed loop—risk assessment → targeted simulations → metrics → remediation—now face enforcement action, higher capital charges or remediation orders.
Keepnet’s diversified phishing simulators, human-risk scoring and audit-ready dashboards give compliance teams the artefacts regulators expect, turning regulatory pressure into a strategic advantage.
Emerging Attack Vectors Insurers Can’t Ignore
Phishing campaigns aimed at insurers are no longer limited to e-mail—they’re multichannel, fast-moving, and crafted to exploit policy-holder anxiety in the wake of record catastrophe losses. Below are four vectors gaining momentum, why they resonate in an insurance context, and how Keepnet’s purpose-built simulators let risk teams rehearse and harden every weak spot.
| Vector | Why It Works in Insurance | Keepnet Countermove |
|---|---|---|
| Voice phishing (vishing) | Fraudsters imitate claimants or brokers to reset portal credentials, reroute indemnity wires, or harvest FNOL data. Financial institutions already absorb 55% of all vishing activity—and insurers are next in line. | Voice Phishing Simulator auto-dials staff with realistic claimant scripts, grades verification steps, and triggers instant remedial micro-learning. |
| SMS phishing (smishing) | After hurricanes or wildfires, catastrophe-relief texts with malicious links surge. With $154 billion in 2024 insured catastrophe costs, urgency and confusion create perfect clickbait. | SMS Phishing Simulator schedules templated “disaster-alert” messages, measuring click-through by role and surfacing gaps in mobile security policy. |
| MFA fatigue & push bombing | Adjusters juggling hundreds of claims approve rogue MFA pushes just to clear notification noise—an attack pattern spotlighted in multiple high-profile breaches. | MFA Phishing Simulator floods test devices with rapid-fire prompts, tracking time-to-approval and flagging users who bypass policy. |
| QR phishing (quishing) | Lobby posters or conference flyers promise “Quick Quote” links but resolve to credential traps. AI-assisted toolkits make these codes trivial to weaponise. | QR Phishing Simulator embeds rogue codes in training collateral and reports scans back to the Human Risk Dashboard. |

Table 1: Emerging Phishing Vectors in Insurance
By exercising teams across voice, SMS, MFA, and QR channels—not just e-mail—insurers gain the demonstrable, scenario-based resilience regulators now demand and attackers hate to meet.
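The MFA fatigue row above describes the signal a defender actually has to work with: a burst of push prompts to one account, most denied, followed by an approval. The script below is an added example (not Keepnet code, not a real identity provider's schema) that runs that detection over a constructed authentication log, grouping pushes per user, finding the densest burst inside a time window, and reporting whether an approval landed inside it and how long it took. The `mfa_push user=… result=… src=…` line format, the user names and the IP addresses are all made up for the example.

```python
"""Flag MFA push-bombing patterns in an authentication log.

Added example: log format, users and addresses are constructed for
illustration and do not correspond to any real product's schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample: adjuster01 receives six prompts in under two minutes
# and approves the last one; agent07 shows normal, well-spaced activity.
SAMPLE_LOG = """\
2025-06-27T09:00:01Z mfa_push user=adjuster01 result=denied src=203.0.113.9
2025-06-27T09:00:09Z mfa_push user=adjuster01 result=denied src=203.0.113.9
2025-06-27T09:00:22Z mfa_push user=adjuster01 result=denied src=203.0.113.9
2025-06-27T09:00:40Z mfa_push user=adjuster01 result=denied src=203.0.113.9
2025-06-27T09:01:05Z mfa_push user=adjuster01 result=denied src=203.0.113.9
2025-06-27T09:01:20Z mfa_push user=adjuster01 result=approved src=203.0.113.9
2025-06-27T09:30:00Z mfa_push user=adjuster01 result=approved src=198.51.100.4
2025-06-27T08:15:00Z mfa_push user=agent07 result=approved src=198.51.100.22
2025-06-27T08:50:30Z mfa_push user=agent07 result=approved src=198.51.100.22
2025-06-27T09:10:12Z mfa_push user=agent07 result=denied src=198.51.100.22
"""


def parse_line(line):
    """Parse one constructed log line into a dict with a UTC timestamp."""
    ts_str, event, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "event": event, **fields}


def detect_push_bombing(log_text, min_prompts=5, window=timedelta(minutes=2)):
    """Return one finding per user whose densest prompt burst reaches min_prompts.

    A finding records the burst size, whether any prompt in the burst was
    approved, seconds from the first prompt to that approval (the
    time-to-approval metric), and the source addresses behind the burst.
    """
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            event = parse_line(line)
            if event["event"] == "mfa_push":
                by_user[event["user"]].append(event)

    findings = []
    for user, pushes in by_user.items():
        pushes.sort(key=lambda e: e["ts"])
        # Slide a window anchored at each prompt and keep the largest burst.
        best = []
        for i, first in enumerate(pushes):
            burst = [e for e in pushes[i:] if e["ts"] - first["ts"] <= window]
            if len(burst) > len(best):
                best = burst
        if len(best) < min_prompts:
            continue
        approvals = [e for e in best if e["result"] == "approved"]
        findings.append({
            "user": user,
            "prompts": len(best),
            "window_start": best[0]["ts"],
            "approved_in_burst": bool(approvals),
            "time_to_approval_s": (
                int((approvals[0]["ts"] - best[0]["ts"]).total_seconds())
                if approvals else None
            ),
            "sources": sorted({e["src"] for e in best}),
        })
    return findings


if __name__ == "__main__":
    for f in detect_push_bombing(SAMPLE_LOG):
        print(f"{f['user']}: {f['prompts']} prompts from {f['window_start']:%H:%M:%S}, "
              f"approved={f['approved_in_burst']}, "
              f"time_to_approval={f['time_to_approval_s']}s, sources={f['sources']}")
```

The thresholds (five prompts in two minutes) are a starting point, not a standard; tune them against a baseline of legitimate prompt volume for each role, since claims teams under catastrophe-season load will generate more prompts than back-office staff. A burst with an approval inside it is the case worth paging on; a burst of denials with no approval is still useful as a leading indicator that the account's password has already been obtained.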
How Keepnet Fortifies Insurance Providers
Keepnet’s Extended Human Risk Management (xHRM) Platform provides insurers with an all-in-one solution to eliminate human-driven cyber risks and build long-term cyber resilience. Trusted by over 4,000 organizations—from SMEs to global enterprises—Keepnet empowers the insurance sector with the following capabilities:
AI-Driven Phishing Simulations
Keepnet’s adaptive phishing simulation software replicates the latest social engineering tactics, allowing insurers to safely test user behavior. With access to 6,000+ pre-built phishing templates, insurers can launch campaigns that closely mimic real-world attacks. Risky actions—like clicking on malicious links—trigger instant micro-training, reinforcing awareness with every simulation.
Additionally, simulations can be fully customized using 80+ merge tags, enabling targeted emails and landing pages based on user roles and contexts.
Automated Phishing Response
The platform identifies and neutralizes phishing threats in real time, automating takedowns and responses before damage occurs. This proactive response framework minimizes exposure, shortens response times, and scales efficiently across large insurance ecosystems.
Behavior-Based Security Awareness Training
Keepnet delivers an end-to-end Security Awareness Program that includes 2,100+ training materials in 36+ languages, sourced from 15+ global content providers. These programs include scenario-based training, visual reinforcement (posters, screensavers, infographics), and behavior-triggered learning paths—ensuring every employee and policyholder is equipped to spot and stop threats.
Training paths are personalized based on user behavior, enhancing retention and ensuring that high-risk individuals receive focused support.
Threat Intelligence Integration
Keepnet’s Threat Intelligence tool continuously monitors for data exposures across the dark web and other breach sources. Insurers are alerted when policyholder credentials are compromised, enabling them to act immediately—whether through containment, communication, or remediation. This integration strengthens trust and reduces incident-related costs.
Customer Success: An Insurance Company Cuts Phishing Claims by 89%
A major EU-based insurer, managing over 10,000 agents and staff, was overwhelmed by rising phishing-related claims and payouts. With phishing driving the majority of cyber losses and limited security awareness among policyholders, the financial strain was mounting.
To address this, the insurer adopted Keepnet’s Extended Human Risk Management Platform. By integrating phishing simulations, automated response tools, and tailored security awareness training into their client offering, they reduced annual claims from 1,644 to just 180—cutting payouts by nearly 89%.
Keepnet’s Human Risk Management platform helped standardize security practices, raise client awareness, and strengthen cyber risk controls across the insurer’s ecosystem.
The Road Ahead: Proactive Insurance Through Cyber Hygiene
Phishing is no longer limited to deceptive emails. Threat actors now use QR code phishing (quishing), MFA bypass techniques, and callback phishing to exploit users in new, sophisticated ways. These tactics target people directly, often bypassing traditional security measures.
To keep pace, insurers must embed proactive cyber hygiene into their offerings. This involves integrating simulations, adaptive training, and real-time threat detection into client engagement—addressing vulnerabilities before they escalate into claims.
This shift from reactive payouts to preventive protection allows insurers to directly lower claim volumes and improve underwriting accuracy. By actively reducing client exposure to phishing and social engineering threats, insurers can enhance policy performance and deliver stronger, more reliable coverage.
Editor's Note: This blog was updated on June 27, 2025.