The insurance industry, like most critical service industries, has undergone a digital transformation. Customers’ sensitive personal information—particularly that which is seen as valuable and desirable to various adversaries—is now stored as bits and bytes on hard drives, networks, and in the cloud. As a result, insurance companies have become attractive targets for financially-motivated threat actors keen on committing fraud or other types of illicit schemes. In response, more insurance leaders are leveraging Flashpoint to gain a decision advantage over these threats and adversaries.

Below are examples of the types of threats and challenges Flashpoint helps insurance companies address:


The large and decentralized nature of many insurance companies—not to mention the abundance of sensitive personal information they store—can make them susceptible to malicious insiders. A recent survey found that 48 percent of insurers consider insider threats to be their greatest risk. While insider threats can be complex and take various forms, many involve extensive planning and collaboration among adversaries on illicit communities. Without visibility into these underground communities, insurance companies may struggle to detect and mitigate insider threats effectively and proactively.

In one instance, Flashpoint analysts uncovered previously unknown ties between a job candidate applying for a position at a Fortune 500 company and a threat actor known for recruiting insiders to steal corporate data on illicit communities. Flashpoint quickly alerted the company of these ties, prompting them to blacklist the applicant and implement intelligence-led measures to reinforce the security of their sensitive data.


Fraud has long been considered one of the most persistent and complex threats facing the insurance industry. In addition to filing fraudulent claims, adversaries have also been known to sell various forms of falsified insurance cards and other forged or stolen documents on underground marketplaces. However, since many of today’s adversaries collaborate with one another and develop fraudulent schemes on illicit communities, Flashpoint’s visibility into these regions of the Internet enables insurers to proactively detect and mitigate various types of insurance fraud.

In particular, Flashpoint’s intelligence has proven instrumental in supporting insurance leader Aflac’s One Day Pay initiative. By making it quick and easy for the company to investigate suspicious claims, Flashpoint helps Aflac identify potential instances of insurance fraud and take preemptive action before losses occur.

“This type of proactive mitigation has been invaluable because it really affects the bottom line across the entire company,” explains DJ Goldsworthy, Director of Security Operations and Threat Management at Aflac.


Despite insurers’ ongoing efforts to maintain state-of-the-art defenses, skilled cybercriminals continue to develop new malware strains capable of bypassing even the strictest security controls. Given that new strains are typically developed and distributed among threat actors on illicit communities prior to being released in the wild, maintaining visibility into these underground communities is crucial. Flashpoint’s ongoing monitoring and analysis of illicit communities enables insurers to gain proactive insight into emerging malware.

In one instance, Flashpoint uncovered the early-stage development of an unreleased strain of ransomware leveraging RSA-2048 encryption which prevented victims from accessing files until a ransom was paid. While monitoring an illicit forum, analysts gleaned critical information about the ransomware, such as who was producing it, where and how its development was taking place, and as a result were able to publish indicators of compromise—intelligence that enabled customers to deploy appropriate countermeasures and proactively combat the ransomware before it was released in the wild.


The insurance industry’s susceptibility to a particularly broad spectrum of risks stemming from small-scale fraudulent claims to insider threats and ransomware can make the incident response processes especially challenging for insurers. Flashpoint’s extensive lingual, social, and cultural expertise, as well as comprehensive access to illicit communities, helps insurers proactively identify and ultimately investigate potential incidents.

In one situation, Flashpoint observed a highly reputable threat actor on an underground marketplace offer to sell access to a global corporation’s internal network. After verifying the breach’s validity, Flashpoint conducted a technical analysis of the threat actor to identify the source of the compromise and help the company mitigate any additional exposure.

Did this answer your question?