Web Application Security for Insurance

Attack Surface Analysis and Benchmark Study for Europe’s Top Insurance Companies.

Attacks against the financial sector increased 238% globally. The pandemic has caused insurance companies to introduce more applications than ever to stay competitive. However, the demand for accelerated development often outpaces the speed at which code vulnerabilities can be remediated, creating ‘security debt’ that is never fixed once released and keeps adding to their risk exposure.

Security debt puts insurers’ ability to preserve data integrity and maintain compliance at increased risk. In this study, we analyzed the top 10 insurance companies in Europe to ascertain their web application exposure and pinpoint the most common attack vectors and potential vulnerabilities affecting the sector, enabling insurance security professionals to benchmark their application security hygiene and understand where they fall short.

Key findings in the report:

  • Top EU insurers have an average attack surface score of 38.10 (out of 58.24) vs. online retail at 42.37 and credit unions at 16.39
  • Top EU insurers run a total of 7,611 internet-facing web applications over 1,920 domains, with 2.98% of them considered suspicious (e.g., test environments)
  • 22.51% of the applications identified use old components containing known vulnerabilities that could be exploited
  • Page Creation Methods (77.7*), Degree of Distribution (77.7*), and Active Contents (54*) are the top 3 attack vectors affecting insurance applications
  • Other security and compliance issues detected include basic SSL, cookie consent, and privacy policy defects.

*average score out of 100

Download the 2021 Web Application Security for Insurance report and get best practice advice to improve your security posture.