
Fortifying the Insurance Landscape Against Phishing with Keepnet

The threat landscape constantly evolves, presenting new challenges for businesses and individuals. Among these threats, phishing is a particularly insidious and prevalent cyberattack.

Phishing remains one of the most disruptive threats to the insurance industry, undermining trust, exposing sensitive data, and triggering costly claims. Today's attacks are not only more convincing but also powered by generative AI: in one study, 60% of recipients fell for GenAI-generated phishing, a success rate comparable to human-crafted lures, yet the messages are far harder to tell apart from legitimate mail. (Source)

For insurers, this shift signals an urgent need to rethink cyber defense strategies. In this blog, we explore how Keepnet is fortifying the insurance landscape against phishing by transforming human risk into a measurable and manageable defense layer, helping insurers prevent incidents before they occur.

The State of Phishing in Insurance

The insurance sector now sits in the crosshairs of professional cybercrime crews that have perfected social engineering at scale. Verizon's 2025 DBIR records 3,336 security incidents and 927 confirmed breaches in the combined Financial & Insurance vertical; System Intrusion, Social Engineering (phishing, pretexting, and BEC), and Basic Web Application Attacks together accounted for 74% of those breaches. FS-ISAC's Navigating Cyber 2024 review echoes the trend, warning that insurers face a "surging fraud and scam wave" amplified by generative-AI tooling.

Why does it hurt so much? The global average cost of a data breach reached US$4.88 million in 2024, a 10% increase year-over-year. Insurance carriers also feel the pain on their own balance sheets: NAIC loss data show that the market-wide cyber loss ratio climbed to 41.6% in 2023 (stand-alone policies ran even hotter at 44.3%). At the claim level, phishing-driven events for SMEs now average roughly US$345,000.

Timing matters: Attackers routinely launch renewal-themed lures, “It’s time to review your policy” emails or calls, knowing that legitimate policy-review traffic peaks each quarter. They also strike in the chaotic aftermath of natural catastrophes, when customers rush to file claims and are less vigilant; the National Insurance Crime Bureau estimates that fraud touched 10% of the US$93 billion in 2023 catastrophe losses.

Together, these windows create lucrative entry points for credential theft, funds-transfer fraud, and data-exfiltration schemes that erode underwriting margins and brand trust.

Common Payloads

Phishing campaigns against insurers rarely stop at a single email. Typical payloads include:

  • Invoice-fraud e-mails spoofing brokers or adjusters to reroute indemnity payments.
  • Malicious attachments (macro-laden loss-run spreadsheets, "claimant photos") that drop remote-access trojans once opened.
  • Credential-harvesting portals mirroring agent portals, policy-holder dashboards or catastrophe-claim intake pages—often delivered via QR codes or “push-to-verify” MFA fatigue attacks.

Each vector is fine-tuned to exploit high-trust, high-speed workflows where a 30-second lapse can pivot straight into policy-admin systems or claims-payment rails.

Human Risk Hotspots

Phishing succeeds because specific roles sit closest to money, data or customer contacts:

  • Claims adjusters & catastrophe teams — forced to process large document sets under strict time pressure after storms and fires; attackers exploit urgency to slip in malware or fake wire instructions.
  • Contact-center representatives — voice, SMS and e-mail scripts aim to harvest authentication tokens or trigger password resets for policy portals.
  • Independent agents & BYOD users — many operate on personal laptops or mobiles outside corporate EDR coverage; Verizon's 2025 DBIR found that 46% of systems with corporate credentials exposed in infostealer logs were unmanaged devices.

Keepnet bridges this critical gap by embedding human risk management into the insurance process. Through targeted phishing simulations and behavior-based training, insurers can transform vulnerable users into a strong first line of defense—reducing exposure and reinforcing trust across the policyholder base.

For a deeper look at how to manage and reduce human-centric cyber risks, explore our strategic guide on End-to-End Human Risk Management.

Regulatory & Compliance Pressures

Across every major rulebook, “reasonable assurance” now means evidence that staff can spot and stop a phishing attempt—not just that a policy exists.

  • GDPR / UK ICO accountability framework treats security awareness as a living control: all employees must receive role-relevant, regularly refreshed training and organisations must monitor and prove its effectiveness. 
  • The NAIC Insurance Data Security Model Law obliges carriers and agents to “develop, implement, and maintain an information-security program” based on continuous risk assessments—state examiners can demand proof that phishing defences are working in practice. 
  • PCI DSS v4.0 raises the bar with Requirement 12.6: the security-awareness program must cover phishing and social engineering (and related threats to the cardholder-data environment), be reviewed at least once every 12 months, and personnel must receive training and acknowledge the security policy at least annually.
  • The UK PRA Supervisory Statement SS2/21 links outsourcing, data security and operational resilience: insurers must show that critical third-party and in-house services can withstand cyber-attacks, specifically citing the need for controls around data security and business-continuity testing. 

Collectively, these frameworks convert best-practice phishing simulations, near-real-time training nudges and board-level reporting from “nice to have” into regulatory hygiene. Insurers that cannot demonstrate a closed loop—risk assessment → targeted simulations → metrics → remediation—now face enforcement action, higher capital charges or remediation orders.

Keepnet’s diversified phishing simulators, human-risk scoring and audit-ready dashboards give compliance teams the artefacts regulators expect, turning regulatory pressure into a strategic advantage.

Emerging Attack Vectors Insurers Can’t Ignore

Phishing campaigns aimed at insurers are no longer limited to e-mail—they’re multichannel, fast-moving, and crafted to exploit policy-holder anxiety in the wake of record catastrophe losses. Below are four vectors gaining momentum, why they resonate in an insurance context, and how Keepnet’s purpose-built simulators let risk teams rehearse and harden every weak spot.

Vector: Voice phishing (vishing)
Why it works in insurance: Fraudsters imitate claimants or brokers to reset portal credentials, reroute indemnity wires, or harvest first-notice-of-loss (FNOL) data. Financial institutions already absorb 55% of all vishing activity, and insurers are next in line.
Keepnet countermove: Voice Phishing Simulator auto-dials staff with realistic claimant scripts, grades verification steps, and triggers instant remedial micro-learning.

Vector: SMS phishing (smishing)
Why it works in insurance: After hurricanes or wildfires, catastrophe-relief texts with malicious links surge. With $154 billion in 2024 insured catastrophe costs, urgency and confusion create perfect clickbait.
Keepnet countermove: SMS Phishing Simulator schedules templated "disaster-alert" messages, measuring click-through by role and surfacing gaps in mobile security policy.

Vector: MFA fatigue & push bombing
Why it works in insurance: Adjusters juggling hundreds of claims approve rogue MFA pushes just to clear notification noise, an attack pattern spotlighted in multiple high-profile breaches.
Keepnet countermove: MFA Phishing Simulator floods test devices with rapid-fire prompts, tracking time-to-approval and flagging users who bypass policy.

Vector: QR phishing (quishing)
Why it works in insurance: Lobby posters or conference flyers promise "Quick Quote" links but resolve to credential traps. AI-assisted toolkits make these codes trivial to weaponise.
Keepnet countermove: QR Phishing Simulator embeds rogue codes in training collateral and reports scans back to the Human Risk Dashboard.

Table 1: Emerging Phishing Vectors in Insurance

By exercising teams across voice, SMS, MFA, and QR channels—not just e-mail—insurers gain the demonstrable, scenario-based resilience regulators now demand and attackers hate to meet.

How Keepnet Fortifies Insurance Providers

Keepnet's Extended Human Risk Management (xHRM) Platform gives insurers an all-in-one solution to reduce human-driven cyber risk and build long-term cyber resilience. Trusted by over 4,000 organizations, from SMEs to global enterprises, Keepnet equips the insurance sector with the following capabilities:

AI-Driven Phishing Simulations

Keepnet’s adaptive phishing simulation software replicates the latest social engineering tactics, allowing insurers to safely test user behavior. With access to 6,000+ pre-built phishing templates, insurers can launch campaigns that closely mimic real-world attacks. Risky actions—like clicking on malicious links—trigger instant micro-training, reinforcing awareness with every simulation.

Additionally, simulations can be fully customized using 80+ merge tags, enabling targeted emails and landing pages based on user roles and contexts.

Automated Phishing Response

The platform identifies and neutralizes phishing threats in real-time, automating takedowns and responses before damage occurs. This proactive response framework minimizes exposure, shortens response times, and scales efficiently across large insurance ecosystems.

Behavior-Based Security Awareness Training

Keepnet delivers an end-to-end Security Awareness Program that includes 2,100+ training materials in 36+ languages, sourced from 15+ global content providers. These programs include scenario-based training, visual reinforcement (posters, screensavers, infographics), and behavior-triggered learning paths—ensuring every employee and policyholder is equipped to spot and stop threats.

Training paths are personalized based on user behavior, enhancing retention and ensuring that high-risk individuals receive focused support.

Threat Intelligence Integration

Keepnet's Threat Intelligence tool continuously monitors for data exposures across the dark web and other breach sources. Insurers are alerted when policyholder credentials turn up in a leak, so they can act immediately, whether through containment, customer communication, or remediation. This integration strengthens trust and reduces incident-related costs.

Customer Success: An Insurance Company Cuts Phishing Claims by 89%

A major EU-based insurer, managing over 10,000 agents and staff, was overwhelmed by rising phishing-related claims and payouts. With phishing driving the majority of cyber losses and limited security awareness among policyholders, the financial strain was mounting.

To address this, the insurer adopted Keepnet's Extended Human Risk Management Platform. By integrating phishing simulations, automated response tools, and tailored security awareness training into their client offering, they reduced annual phishing-related claims from 1,644 to just 180, a drop of roughly 89%.

Keepnet’s Human Risk Management platform helped standardize security practices, raise client awareness, and strengthen cyber risk controls across the insurer’s ecosystem.

Read the full story here.

The Road Ahead: Proactive Insurance Through Cyber Hygiene

Phishing is no longer limited to deceptive emails. Threat actors now use QR code phishing (quishing), MFA bypass techniques, and callback phishing to exploit users in new, sophisticated ways. These tactics target people directly, often bypassing traditional security measures.

To keep pace, insurers must embed proactive cyber hygiene into their offerings. This involves integrating simulations, adaptive training, and real-time threat detection into client engagement—addressing vulnerabilities before they escalate into claims.

This shift from reactive payouts to preventive protection allows insurers to directly lower claim volumes and improve underwriting accuracy. By actively reducing client exposure to phishing and social engineering threats, insurers can enhance policy performance and deliver stronger, more reliable coverage.

Editor's Note: This blog was updated on June 27, 2025.


Frequently Asked Questions

What is phishing in the insurance sector, and why is it increasing in 2025?

Phishing in the insurance industry refers to deceptive tactics—like fake emails, voice calls, SMS, or QR codes—used to steal sensitive data such as login credentials, claim information, or policyholder PII. In 2025, phishing attacks on insurers are rising sharply due to the high value of customer data, weak multi-channel defenses, and increased digitization. Fraudsters now leverage AI-generated voices and messages to target claims teams and policyholder portals, making phishing more difficult to detect and prevent.

Why are insurance companies primary targets for voice phishing (vishing) attacks?

Insurance companies are prime vishing targets because fraudsters can impersonate policyholders or brokers to reset credentials, file false claims, or reroute indemnity payouts. Call centers and claims adjusters often work under pressure and rely on voice interactions, creating exploitable gaps in verification processes. Keepnet’s Voice Phishing Simulator helps insurers proactively test and improve their voice-response security protocols.

How does SMS phishing (smishing) exploit catastrophic events in insurance?

Smishing exploits moments of chaos—like natural disasters—when customers expect urgent communication. Cybercriminals send fake SMS messages that appear to be from insurance providers, offering catastrophe relief or claim updates, which contain malicious links. These attacks trick overwhelmed users into giving up credentials or downloading malware. Keepnet’s SMS Phishing Simulator replicates these attack types, helping staff recognize and respond safely under pressure.

How does MFA Fatigue affect insurance claims teams?

MFA fatigue (or push-bombing) happens when attackers flood users with repeated MFA prompts, hoping they’ll approve one out of habit or confusion. Claims teams processing high volumes of customer requests are particularly vulnerable. A single unauthorized approval can expose entire portals. Keepnet’s MFA Phishing Simulator tests this exact scenario and highlights users who need additional training or security adjustments.
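The push-bombing pattern described in Table 1 and in this answer leaves a recognisable trace in identity-provider logs: a burst of push prompts for one user in a short window, mostly denied or timed out, sometimes ending in a single approval. The script below is an added illustration, not Keepnet product code or a real IdP export. It assumes a hypothetical, simplified log line of the form "<ISO-8601 timestamp> <user> <result> <source IP>" with results APPROVED, DENIED or TIMEOUT; the sample lines are constructed.

```python
"""Detect MFA push-bombing (MFA fatigue) bursts in identity-provider push logs.

Added illustration, not Keepnet product code. The log format is a hypothetical
simplification: "<ISO-8601 ts> <user> <result> <source ip>", where result is
APPROVED, DENIED or TIMEOUT. The sample lines below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: broker.sam is a normal login (one mis-tap, then approve);
# adjuster.jane is bombed and finally approves; ops.lee is bombed but holds out.
SAMPLE_LOG = """\
2025-06-20T07:55:10Z broker.sam DENIED 198.51.100.20
2025-06-20T07:56:00Z broker.sam APPROVED 198.51.100.20
2025-06-20T08:01:02Z adjuster.jane DENIED 203.0.113.7
2025-06-20T08:01:40Z adjuster.jane DENIED 203.0.113.7
2025-06-20T08:02:15Z adjuster.jane DENIED 203.0.113.7
2025-06-20T08:03:05Z adjuster.jane TIMEOUT 203.0.113.7
2025-06-20T08:03:50Z adjuster.jane DENIED 203.0.113.7
2025-06-20T08:04:30Z adjuster.jane DENIED 203.0.113.9
2025-06-20T08:05:10Z adjuster.jane DENIED 203.0.113.7
2025-06-20T08:08:02Z adjuster.jane APPROVED 203.0.113.7
2025-06-20T09:10:00Z ops.lee DENIED 203.0.113.44
2025-06-20T09:11:00Z ops.lee DENIED 203.0.113.44
2025-06-20T09:12:00Z ops.lee DENIED 203.0.113.44
2025-06-20T09:13:00Z ops.lee TIMEOUT 203.0.113.44
2025-06-20T09:14:00Z ops.lee DENIED 203.0.113.44
2025-06-20T09:15:00Z ops.lee DENIED 203.0.113.44
"""


def parse_log(text):
    """Parse log lines into event dicts; blank lines are skipped, malformed lines raise."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, result, ip = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "user": user,
            "result": result,
            "ip": ip,
        })
    return events


def _summarise(user, burst):
    """Build one finding for a burst of prompts belonging to a single user."""
    first = burst[0]["ts"]
    approvals = [e for e in burst if e["result"] == "APPROVED"]
    return {
        "user": user,
        "prompts": len(burst),
        "denied_or_timed_out": sum(1 for e in burst if e["result"] != "APPROVED"),
        "approved": bool(approvals),
        # seconds from the first prompt to the first approval; the metric Table 1
        # calls "time-to-approval". None when the user never approved.
        "time_to_approval_s": (int((approvals[0]["ts"] - first).total_seconds())
                               if approvals else None),
        "source_ips": sorted({e["ip"] for e in burst}),
    }


def detect_push_bombing(events, window=timedelta(minutes=10), min_prompts=5):
    """Group each user's prompts into bursts (every prompt within `window` of the
    burst's first prompt) and report bursts with at least `min_prompts` prompts,
    whether or not the user eventually approved one."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_user[e["user"]].append(e)

    findings = []
    for user, evs in by_user.items():
        burst = []
        for e in evs + [None]:  # None is a sentinel that flushes the last burst
            if e is not None and (not burst or e["ts"] - burst[0]["ts"] <= window):
                burst.append(e)
                continue
            if len(burst) >= min_prompts:
                findings.append(_summarise(user, burst))
            burst = [e] if e is not None else []
    return findings


def analyze(text, **kw):
    """Convenience wrapper: raw log text in, list of findings out."""
    return detect_push_bombing(parse_log(text), **kw)


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Thresholds are deliberately parameters: a claims team that legitimately re-authenticates often needs a higher `min_prompts` than a back-office role. A burst that ends in an approval from the same source IP that generated the denials is the case to treat as a probable compromise and force a credential reset; a burst with no approval still shows the attacker holds a valid password. Number matching on the authenticator removes the blind-approve path entirely and is the control the detection should sit beside, not replace.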

What is QR phishing (quishing) and how can it affect insurance agents and brokers?

QR phishing targets users with rogue QR codes that redirect to fake login or document pages. In insurance, these may appear on lobby posters, conference flyers, or policy brochures. Since agents often access tools via mobile devices, they’re more likely to scan such codes quickly. Keepnet’s QR Phishing Simulator safely tests and reports scan behavior across teams, reinforcing secure QR hygiene.

What makes phishing training critical for insurance compliance in 2025?

Regulators like NAIC, GDPR, PRA, and PCI DSS now demand evidence of phishing resilience, not just generic security policies. Insurers must run ongoing phishing simulations, adapt content to roles, and prove staff can spot threats. Keepnet’s Human Risk Management Platform aligns with these mandates by providing voice, SMS, QR, and MFA phishing simulations with detailed, audit-ready reports.

How can Keepnet help insurers build a phishing-resilient workforce?

Keepnet empowers insurers with scenario-based phishing simulations across multiple vectors—not just email. The platform offers instant microlearning when users fall for a simulation, human risk scoring by department, and gamified training tailored to claims adjusters, brokers, and contact center staff. This adaptive approach boosts engagement, retention, and measurable improvement in security posture.

What phishing metrics should insurers track for performance and ROI?

Key phishing resilience metrics include:

  • Click-through rate on phishing simulations
  • Response rate to vishing calls
  • Human risk score by role or department
  • MFA prompt approval times
  • Time to remediation after failure

Keepnet provides real-time dashboards and compliance-ready reports that track these metrics, helping insurers show ROI to leadership and auditors.

Can phishing simulations be localized for global insurance teams?

Yes. Insurance teams often span multiple countries and languages, with localized regulations. Keepnet supports multilingual training and simulation content to reflect local phishing tactics and user behaviors. This ensures training resonates, improves learning outcomes, and meets international compliance standards.

How quickly can an insurance company deploy Keepnet’s phishing defense tools?

Most insurance firms can begin running phishing simulations with Keepnet within days. The platform is hosted on Microsoft Azure, ISO/IEC 42001-certified, and integrates easily with identity providers and HR systems. Templates for voice, SMS, MFA, and QR phishing are included—customized by business line and role. Keepnet’s customer success team guides implementation from onboarding to reporting.