Tag: insurance
-
Building trust with the board through evidence-based proof
Tags: backup, business, cio, ciso, compliance, control, cyber, cybersecurity, data, finance, governance, incident, insurance, mitigation, regulation, resilience, risk, strategy, tool, updateBuilding a common language to get to “Here’s the proof of cyber resilience”: CISOs can reframe the discussion using data and evidence. Modern cybersecurity tools produce a large volume of data and information on how they operate at any point in time, the status of controls deployed, the validation of configuration and more. There’s an…
-
MomentProof Deploys Patented Digital Asset Protection
Washington, DC, February 4th, 2026, CyberNewsWire MomentProof, Inc., a provider of AI-resilient digital asset certification and verification technology, today announced the successful deployment of MomentProof Enterprise for AXA, enabling cryptographically authentic, tamper-proof digital assets for insurance claims processing. MomentProof’s patented technology certifies images, video, voice recordings, and associated metadata at the moment of capture, ensuring…
-
Should I stay or should I go?
Tags: access, breach, business, ceo, cio, ciso, communications, compliance, cybersecurity, finance, fraud, insurance, jobs, network, risk, strategy, supply-chain, update, vulnerabilityRed flag: Cognitive disconnect: Lack of access to executives and the board comes up repeatedly in Cybersecurity Ventures reports as a top reason CISO’s decide to leave their jobs, according to Steve Morgan, founder of Cybersecurity Ventures. He cites lack of support as another top reason CISO’s leave.Splunk’s 2025 CISO report found 29% of respondents…
-
5 cybersecurity trends to watch in 2026
Corporations across the globe are facing a dynamic risk environment, as AI adoption surges with few guardrails, business resilience takes center stage and the insurance industry raises major concerns about the U.S. cyber market. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/5-cybersecurity-trends-2026/810354/
-
PNB MetLife Phishing Attack: Multi-Stage Scheme Steals Data, Triggers UPI Payments
A sophisticated multi-stage phishing campaign is actively targeting PNB MetLife Insurance customers through fake payment gateway pages. The attack chain extracts customer details, forces fraudulent UPI payments, and escalates to full banking credential harvesting. Attackers exploit customer trust in the brand while leveraging free hosting services and Telegram bots to exfiltrate data in real time.…
-
PNB MetLife Phishing Attack: Multi-Stage Scheme Steals Data, Triggers UPI Payments
A sophisticated multi-stage phishing campaign is actively targeting PNB MetLife Insurance customers through fake payment gateway pages. The attack chain extracts customer details, forces fraudulent UPI payments, and escalates to full banking credential harvesting. Attackers exploit customer trust in the brand while leveraging free hosting services and Telegram bots to exfiltrate data in real time.…
-
13 cyber questions to better vet IT vendors and reduce third-party risk
Tags: access, api, attack, authentication, automation, best-practice, breach, business, ceo, ciso, cloud, compliance, control, credentials, credit-card, cyber, cyberattack, cybercrime, cybersecurity, data, detection, endpoint, exploit, extortion, firewall, healthcare, identity, incident response, infrastructure, insurance, international, ISO-27001, jobs, least-privilege, mfa, monitoring, network, nist, password, PCI, penetration-testing, radius, ransomware, risk, saas, sans, security-incident, service, supply-chain, threat, update, vpn, vulnerabilityVital vendor questions CISOs should ask: To gain that critical information, security leaders and experts recommend CSOs ask IT partners the following cyber-specific questions. 1. What attestation will you provide to prove proper security controls are in place? These are essential, says Juan Pablo Perez-Etchegoyen, CTO for cybersecurity and compliance platform Onapsis. Some of the…
-
13 cyber questions to better vet IT vendors and reduce third-party risk
Tags: access, api, attack, authentication, automation, best-practice, breach, business, ceo, ciso, cloud, compliance, control, credentials, credit-card, cyber, cyberattack, cybercrime, cybersecurity, data, detection, endpoint, exploit, extortion, firewall, healthcare, identity, incident response, infrastructure, insurance, international, ISO-27001, jobs, least-privilege, mfa, monitoring, network, nist, password, PCI, penetration-testing, radius, ransomware, risk, saas, sans, security-incident, service, supply-chain, threat, update, vpn, vulnerabilityVital vendor questions CISOs should ask: To gain that critical information, security leaders and experts recommend CSOs ask IT partners the following cyber-specific questions. 1. What attestation will you provide to prove proper security controls are in place? These are essential, says Juan Pablo Perez-Etchegoyen, CTO for cybersecurity and compliance platform Onapsis. Some of the…
-
Driving Passwordless Adoption with FIDO and Biometric Authentication
Tags: access, attack, authentication, awareness, banking, breach, business, cloud, compliance, container, control, credentials, cyber, data, defense, fido, finance, fraud, government, Hardware, iam, identity, insurance, login, mobile, passkey, password, phishing, risk, service, technology, threat, trainingDriving Passwordless Adoption with FIDO and Biometric Authentication madhav Tue, 01/13/2026 – 06:13 For decades, passwords have been the default mechanism for securing digital access. They are deeply embedded in enterprise systems and workflows, yet they were never designed to withstand today’s threat landscape. Cybersecurity Sarah Lefavrais – IAM Product Marketing Manager More About This…
-
8 things CISOs can’t afford to get wrong in 2026
Tags: access, advisory, ai, attack, automation, awareness, breach, business, ciso, cloud, communications, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, dora, encryption, finance, firmware, GDPR, healthcare, identity, incident response, india, infrastructure, injection, insurance, intelligence, iot, jobs, law, malicious, monitoring, network, privacy, ransom, regulation, resilience, risk, saas, scam, service, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, update, vulnerability, zero-trust“Identity and access controls for AI agents and AI platforms are one of the most important areas of concern for CISOs,” says Jason Stading, director at global technology research and advisory firm ISG. “Right now, permissions and access rights for AI are a black box in many areas. We will see a major push over…
-
As Ransomware Attacks Surge, Healthcare Must Look Beyond Compliance to Establish a Cyber Risk Mindset
Tags: attack, compliance, cyber, cybersecurity, data-breach, healthcare, insurance, ransomware, riskThe February 2024 Change Healthcare incident exposed 190 million patient records and disrupted healthcare operations nationwide, but it highlighted something far more concerning: the U.S. healthcare sector faces an unprecedented cybersecurity crisis. Healthcare is now the third most-targeted sector, experiencing a 32% surge in ransomware attacks last year. Cyber insurance claims tied to these incidents..…
-
CISOs Face A Tighter Insurance Market in 2026
Insured entities are becoming more sophisticated in their views on how cyber policies fit into their broader risk management plans. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/cisos-face-tighter-insurance-market
-
Sedgwick discloses data breach after TridentLocker ransomware attack
Sedgwick confirmed a cyber incident at its federal contractor unit after TridentLocker claimed to steal 3.4GB of data. Sedgwick is a leading global claims management and risk services provider operating in the insurance and risk solutions sector. It employs roughly 33,000 people worldwide, across more than 80 countries. Estimated annual revenue is in the multi-billion…
-
Sedgwick discloses data breach after TridentLocker ransomware attack
Sedgwick confirmed a cyber incident at its federal contractor unit after TridentLocker claimed to steal 3.4GB of data. Sedgwick is a leading global claims management and risk services provider operating in the insurance and risk solutions sector. It employs roughly 33,000 people worldwide, across more than 80 countries. Estimated annual revenue is in the multi-billion…
-
New Tech Deployments That Cyber Insurers Recommend for 2026
An analysis of cyber-insurance claims data shows which cyber defenses actually work for policyholders. Here are six technologies that will pay off for companies in 2026. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/cybersecurity-tech-recommended-by-cyber-insurer-claims-data
-
US insurance giant Aflac says hackers stole personal and health data of 22.6 million people
Aflac, one of the largest insurance companies in the U.S., confirmed hackers stole reams of personal data, including Social Security numbers, identity documents, and health information. First seen on techcrunch.com Jump to article: techcrunch.com/2025/12/23/us-insurance-giant-aflac-says-hackers-stole-personal-and-health-data-of-22-6-million-people/
-
US insurance giant Aflac says hackers stole personal and health data of 22.6 million
Aflac, one of the largest insurance companies in the U.S., confirmed hackers stole reams of personal data, including Social Security numbers, identity documents, and health information. First seen on techcrunch.com Jump to article: techcrunch.com/2025/12/23/us-insurance-giant-aflac-says-hackers-stole-personal-data-of-22-6-million/
-
Best of 2025: Scattered Spider Targets Aflac, Other Insurance Companies
Fresh off a series of recent attacks targeting major retail companies in the United States and the UK, the notorious Scattered Spider cybercrime group is now targeting insurance companies, and earlier this month apparently bagged a high-profile victim in Aflac. The intrusion in Aflac, which was detected June 12 when the insurance company’s security team..…
-
What CISOs should know about the SolarWinds lawsuit dismissal
Responsibility without authority is the real risk: At the heart of the SolarWinds lawsuit was a familiar problem for security leaders: responsibility without authority. The dynamic that caught Tim Brown in the SEC’s jaws is that, despite his experience, seniority, and title, he, like most CISOs, carries tremendous responsibility without any real organizational authority to…
-
What CISOs should know about the SolarWinds lawsuit dismissal
Responsibility without authority is the real risk: At the heart of the SolarWinds lawsuit was a familiar problem for security leaders: responsibility without authority. The dynamic that caught Tim Brown in the SEC’s jaws is that, despite his experience, seniority, and title, he, like most CISOs, carries tremendous responsibility without any real organizational authority to…
-
ISMG Editors’: When KYC No Longer Signals Trust
Also: Cyber Insurers Brace for AI Risk, Shopping Agents Rewrite E-commerce. In this week’s ISMG Editors’ Panel, four editors examine how artificial intelligence is quietly reshaping trust, risk and decision-making, from identity verification and cyber insurance to the rise of AI agents in online shopping. The ISMG Editors’ Panel runs weekly. First seen on govinfosecurity.com…
-
D&O liability protection rising for security leaders, unless you’re a midtier CISO
Tags: access, best-practice, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, defense, finance, governance, incident response, insurance, jobs, law, network, risk, risk-management, security-incident, toolA question of indemnity: But Ryan Griffin, US cyber leader at insurance broker McGill and Partners, points out that the difference between D&O insurance and a direct indemnification agreement is often misunderstood.”The most crucial tool for a CISO’s protection is the indemnification agreement with their employer,” Griffin explains. “The D&O policy is how the company…
-
D&O liability protection rising for security leaders, unless you’re a midtier CISO
Tags: access, best-practice, breach, business, ciso, compliance, control, cyber, cybersecurity, data, data-breach, defense, finance, governance, incident response, insurance, jobs, law, network, risk, risk-management, security-incident, toolA question of indemnity: But Ryan Griffin, US cyber leader at insurance broker McGill and Partners, points out that the difference between D&O insurance and a direct indemnification agreement is often misunderstood.”The most crucial tool for a CISO’s protection is the indemnification agreement with their employer,” Griffin explains. “The D&O policy is how the company…
-
The 12 Months of Innovation: How Salt Security Helped Rewrite API AI Security in 2025
Tags: access, ai, api, attack, automation, breach, business, ciso, cloud, compliance, control, crowdstrike, cyber, data, data-breach, defense, detection, email, exploit, github, governance, injection, insurance, intelligence, privacy, risk, risk-management, software, strategy, supply-chain, threat, tool, wafAs holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.” But for security teams, it was something more specific the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep…