Cybersecurity in Insurance: How Greater Chicago Firms Can Guard Against Growing Threats

Cyberattacks are no longer a distant threat. For insurance organizations in the Greater Chicago area, they are a looming, everyday reality. With high-value data on individuals, businesses, and assets, insurance firms have become prime targets for cybercriminals. According to recent industry data, the financial services sector remains among the most attacked industries globally, and regional insurance providers are increasingly vulnerable.

Insurance companies in Chicago face a growing array of cyber risks due to their valuable data, complex digital operations, and expanding attack surfaces. Understanding these challenges, addressing common vulnerabilities, and implementing a resilient cybersecurity strategy are essential. Additionally, staying compliant with regulatory mandates and recognizing the evolving role of cyber insurance are crucial steps in safeguarding both data and reputation.

The Cyber Risk Landscape in Insurance

Insurance companies handle vast amounts of sensitive information: Social Security numbers, health records, financial data, and more. This data makes them attractive targets for various forms of cyberattacks:

• Ransomware: Criminals lock critical systems and demand payment to release data.
• Business Email Compromise (BEC): Attackers impersonate executives or vendors to trick staff into transferring funds.
• Data Breaches: Unauthorized access to customer data can lead to identity theft and regulatory fines.
• Third-party Vendor Risks: Outsourced services and cloud-based platforms introduce vulnerabilities.

The increasing use of digital platforms and remote work solutions post-COVID-19 has only widened the attack surface. In 2023 alone, several mid-sized insurers in the Midwest experienced service disruptions due to ransomware incidents.

Local Risk Factors for Chicagoland Firms

The Greater Chicago area is home to a mix of national carriers, regional insurers, and niche providers. While larger companies may have comprehensive cybersecurity programs, many smaller and mid-sized firms operate with limited IT budgets and aging infrastructure.

Several local factors heighten cybersecurity exposure:

• Legacy Systems: Many insurers still rely on outdated software that lacks modern security features.
• Workforce Distribution: Remote and hybrid models have become standard, requiring secure VPNs and endpoint protection.
• Interconnected Ecosystem: Working with numerous partners and brokers increase the risk of supply chain attacks.

Real-world example: In 2024, RBN Insurance Services, a Chicago-based firm, suffered a breach when an employee’s email was compromised. The breach exposed names, Social Security numbers, bank details, and insurance-related data of over 10,000 individuals. This incident illustrates how even small-to-midsize firms are viable, lucrative targets.

Key Cybersecurity Gaps in Insurance Organizations

Despite growing awareness, significant gaps remain in how insurers approach cybersecurity:

• Inadequate Training: Employees are the first line of defense, yet many fall for phishing scams due to lack of regular, role-specific training.
• Weak Incident Response Plans: Without clear procedures, response times lag during an attack, amplifying damage.
• Poor Patch Management: Delays in updating software and firmware create exploitable vulnerabilities.
• Over reliance on Basic Defenses: Antivirus alone is insufficient; layered, adaptive security measures are required.

In many cases, cybersecurity is treated as an IT issue rather than a business-critical concern. This mindset must change.

Vendor risk continues to be a serious and escalating threat in the insurance sector. A prime example is the breach involving Landmark Admin, a third-party administrator for multiple insurance carriers. Landmark experienced a significant cybersecurity incident in mid-2024, during which a threat actor gained access to its network via stolen credentials, re-entered the environment after initial containment, and exfiltrated data from its systems over the course of more than a month.

Regulatory & Legal Implications

Insurance firms in Illinois are subject to multiple cybersecurity and data privacy laws. Ignorance of these regulations is not an excuse, and violations can be costly.

Key regulations include:

• Illinois Personal Information Protection Act (PIPA): Requires prompt breach notifications and safeguards for personal data.
• Illinois Biometric Information Privacy Act (BIPA): Regulates the collection, use, and protection of biometric data.
• NAIC Insurance Data Security Model Law: Adopted by many states, including Illinois, it mandates risk assessments, incident response plans, and board-level accountability.
• Gramm-Leach-Bliley Act (GLBA): Federal law governing how financial institutions handle consumer information.

Failure to comply can result in fines, lawsuits, and reputational damage. Additionally, regulators are increasing scrutiny on cybersecurity governance, with boards expected to take active oversight roles.

Best Practices & Recommendations

To strengthen cybersecurity posture, insurance companies in the Greater Chicago area should consider the following steps:

1. Implement a Zero Trust Architecture: This model assumes no internal or external traffic is trustworthy by default. Every user and device must be verified.
2. Conduct Regular Security Training: Focus on phishing, password hygiene, and incident reporting. Tailor content to different roles and departments.
3. Adopt Multi-Factor Authentication (MFA): Secure access to all systems, especially for remote users.
4. Create and Test Incident Response Plans: Simulate attacks to test readiness and reduce recovery times.
5. Perform Frequent Risk Assessments: Identify weak points in the network, evaluate third-party risks, and address findings swiftly.
6. Encrypt All Sensitive Data: In storage and in transit, to limit exposure if a breach occurs.
7. Partner with a Managed Security Service Provider (MSSP): Gain access to 24/7 monitoring, expertise, and incident response resources.
8. Invest in Endpoint Detection and Response (EDR): Real-time monitoring tools can flag and stop suspicious behavior before damage is done.

Real-world validation: The recent New Era Life Insurance breach impacted over 335,000 individuals, demonstrating how attackers exploit even short-lived vulnerabilities (in this case, 9 days of access). This shows how rapid response and real-time monitoring are critical to limiting damage.

The Role of Cyber Insurance

While building internal defenses is crucial, cyber insurance offers a safety net when incidents occur. But it’s not a silver bullet.

Cyber insurance can cover:

• Incident response costs
• Legal fees
• Regulatory fines
• Customer notification and credit monitoring
• Business interruption losses

However, insurers are becoming more selective. Companies must demonstrate solid cybersecurity hygiene to qualify for affordable policies. Carriers increasingly require:

• MFA implementation
• Employee training logs
• Documented security policies
• Evidence of data backups and recovery testing

According to Marsh’s 2023 report, cyber claims reached a record high, especially from sectors like healthcare and financial services. Median extortion demands jumped from $1.4 million in 2022 to $20 million in 2023, and median extortion payments rose to $6.5 million. These rising costs reinforce the need for both preventative controls and the financial buffer cyber insurance provides.

Local Resources for Cybersecurity Help

Insurance providers in Illinois don’t have to go it alone. Reintivity, a Managed IT Services and Consulting firm based in the region, helps insurance companies navigate the complex world of cybersecurity with tailored solutions that align with business goals and compliance requirements. From strategic consulting to hands-on implementation, Reintivity offers:

• Cybersecurity risk assessments
• System hardening and patch management
• Ongoing monitoring and threat response
• Employee training and phishing simulations

Reintivity understands the unique challenges facing insurance firms and provides scalable services that evolve with your organization’s needs. By working with a trusted local partner, Chicago-area insurers can build a security-first culture and confidently defend against today’s sophisticated cyber threats.

The cybersecurity stakes for insurance organizations have never been higher. With sensitive data, complex digital ecosystems, and growing regulatory scrutiny, these firms must act decisively.

A proactive, multi-layered approach—one that includes strong internal controls, employee education, compliance with evolving laws, and appropriate cyber insurance coverage—is no longer optional. It’s a business imperative.

For insurers in Chicagoland, the question isn’t whether a cyberattack will happen. It’s whether they’ll be ready when it does.

Sidebar: Recent Illinois and Midwest Insurance Breaches

• RBN Insurance Services (Chicago) – Email breach exposed health, financial, and insurance data of 10,205 individuals.
• Accendo Insurance / Landmark Admin – Ransomware attack on a business associate compromised extensive PII and health information.
• Blue Cross Blue Shield of Illinois – Member portal compromised, affecting personal data between Nov 2024 and March 2025.
• New Era Life Insurance – Over 335,000 affected in a December 2024 cyber intrusion that led to the copying of sensitive insurance data.
• DuPage County Health Department – Physical records containing PHI were likely destroyed during a renovation, exposing names, addresses, diagnoses, and treatment info for individuals who received communicable disease services in 2023