As gatekeepers of sensitive client data and digital policy pipelines, insurance brokers have become prime targets for cybercriminals – with ransomware emerging as the industry's most relentless and costly threat.
“Ultimately, brokers are intermediaries in a financial supply chain,” said Scott Bailey, cyber underwriting leader at CFC. “That position makes them especially appealing to hackers.”
Sitting between insurers and policyholders, brokers transmit sensitive information and, critically, large volumes of money. Bailey drew a parallel to financial advisors: professionals who don’t just handle their own income, but regularly move funds on behalf of others – a dynamic that significantly increases the stakes in the event of a cyberattack.
“The premium that passes through a broker can be five to ten times their actual revenue. And sophisticated hackers know that. They understand there's a much bigger number to target than just the business’s annual income,” he said.
Beyond financial flow, Bailey said that the nature of the data brokers handle can be especially valuable. Those with a specialization in cyber insurance, for example, may hold detailed risk profiles and security postures for numerous clients – a “treasure trove” of intelligence for threat actors seeking to exploit known vulnerabilities.
At the same time, he said that firms that are more digitally native – those that conduct the majority of their operations online – face heightened operational risk. Their revenue, he said, depends on internet uptime, and a successful ransomware attack doesn’t just compromise data – it can halt business entirely.
“They’re probably more exposed than the average small- to medium-sized business out there in the world or in Canada,” Bailey said.
Despite their high exposure, many insurance brokers may still underestimate just how appealing they are to cybercriminals.
“It’s never ceased to amaze me,” said Bailey, reflecting on his years in cyber insurance with CFC. “There’s still a lingering perception among smaller businesses – including brokers – that they’re simply too small to be targeted.”
While industry awareness of cyber threats has improved dramatically over the past two decades, Bailey believes a dangerous mindset persists, especially in regional or mid-sized firms. Many still assume cyberattacks are problems reserved for multinational corporations or headline-grabbing enterprises.
“You hear things like, ‘I’m a small regional Canadian broker – why would a hacker care about me?’” he said. “That thinking has improved, but it hasn’t disappeared.”
The reality, according to Bailey, is that hacking groups vary significantly in sophistication and intent. While advanced cybercriminals might spend months probing a Fortune 500 company for a massive payoff, less sophisticated groups often deploy mass-scale attacks using cheap, readily available tools – and these can be just as devastating for smaller organizations.
“It doesn’t cost much to develop a basic cyberattack that could easily succeed against a small business with limited defenses,” Bailey said. “Threat actors are highly aware of this – and they target accordingly.”
While awareness of cyber threats may be slowly catching up, the tactics used by criminals have evolved – and for insurance brokers, the dangers are too serious to ignore.
Bailey said that ransomware has been the dominant criminal hacking trend for the last five or six years – and that’s not likely to change in the near future.
“The cyber insurance community understands it better than before, but these attacks remain incredibly difficult to combat,” he said.
Ransomware – in which attackers encrypt a company’s data and demand payment for its release, increasingly after first stealing a copy so they can also threaten to leak it – continues to wreak havoc across industries, but Bailey said it's not the only tactic on the rise.
“Crime and social engineering attacks are probably the second biggest [cyber] threat to brokers today,” Bailey said.
Unlike attacks that exploit flaws in software or infrastructure, social engineering relies on manipulating people. Criminals impersonate trusted entities – Microsoft, say, or the firm’s own IT team – to trick employees into handing over login credentials or other sensitive information. A password surrendered this way is accepted by every system it is valid for, so the attack sidesteps the technical perimeter rather than breaching it; phishing-resistant multi-factor authentication is the main control that limits what a stolen password is worth.
“Social engineering is really just tricking someone into believing you’re someone you’re not,” Bailey said. “It could be a fake email saying your login credentials are about to expire, prompting you to enter your username and password into a fake website. Suddenly, that information is in the hands of a criminal organization.”
Once inside a corporate network, attackers can move laterally, deploy ransomware, access financial data, or hijack communications, for instance by redirecting a premium payment from a compromised mailbox. And as Bailey pointed out, advances in artificial intelligence are amplifying the scale and believability of these attacks.
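The credential-expiry lure Bailey describes is recognisable from a handful of signals: a display name that claims a trusted brand while the address comes from elsewhere, a sender or link domain that imitates a real one, links to raw IP addresses, urgency language, and an explicit request for a password. The script below, an added example that is not from the article or from CFC, scores constructed sample messages on those signals. The trusted-domain list and the broker domain `example-broker.ca` are assumptions for the demonstration; a real deployment would use the organisation's own allowlist and a proper public-suffix list.

```python
"""Heuristic triage of credential-phishing emails (added example, not from the article).

The three sample messages at the bottom are constructed for this demonstration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

# Assumption: the broker's own domain plus the vendors it expects mail and links from.
TRUSTED_DOMAINS = sorted({"example-broker.ca", "microsoft.com", "microsoftonline.com"})
BRAND_WORDS = ("microsoft", "office", "helpdesk", "it support", "it department")
URGENCY = ("expire", "expiring", "24 hours", "immediately", "suspend",
           "verify your account", "unusual sign-in")
CREDENTIAL_ASK = ("username and password", "re-enter your password",
                  "confirm your password", "sign in to keep")
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def registrable_domain(host: str) -> str:
    """Reduce 'login.micros0ft-account.com' to 'micros0ft-account.com'.

    Keeps the last two labels; a deliberately crude stand-in for a public-suffix list.
    """
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def normalize(label: str) -> str:
    """Undo common lookalike tricks (digit homoglyphs, rn->m, vv->w, hyphens)."""
    return label.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w").replace("-", "")


def is_lookalike(domain: str) -> Optional[str]:
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    norm = normalize(domain.split(".")[0])
    for trusted in TRUSTED_DOMAINS:
        if normalize(trusted.split(".")[0]) in norm:
            return trusted
    return None


@dataclass
class Message:
    sender_name: str
    sender_addr: str
    subject: str
    body: str
    links: list[str]  # href targets already extracted from the HTML body


@dataclass
class Verdict:
    score: int
    reasons: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= 5  # threshold chosen for this demo


def triage(msg: Message) -> Verdict:
    v = Verdict(0)
    text = f"{msg.subject}\n{msg.body}".lower()
    sender_domain = registrable_domain(msg.sender_addr.split("@")[-1])

    # 1. Display name claims a trusted brand, but the address is from somewhere else.
    if any(b in msg.sender_name.lower() for b in BRAND_WORDS) and sender_domain not in TRUSTED_DOMAINS:
        v.score += 3
        v.reasons.append(f"display name '{msg.sender_name}' but sender domain {sender_domain}")

    # 2. Sender domain imitates a trusted one (micros0ft-account.com, rnicrosoft.com).
    if (target := is_lookalike(sender_domain)):
        v.score += 3
        v.reasons.append(f"sender domain {sender_domain} imitates {target}")

    # 3. Each link: raw IP host, lookalike host, or untrusted host on a login-themed message.
    for url in msg.links:
        host = urlparse(url).hostname or ""
        dom = registrable_domain(host)
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
            v.score += 2
            v.reasons.append(f"link to raw IP {host}")
        elif (target := is_lookalike(dom)):
            v.score += 3
            v.reasons.append(f"link host {host} imitates {target}")
        elif dom not in TRUSTED_DOMAINS and any(w in text for w in ("login", "sign in", "password")):
            v.score += 2
            v.reasons.append(f"login-themed message links to untrusted host {host}")

    # 4. Pressure to act now, and the actual ask for credentials.
    hits = [p for p in URGENCY if p in text]
    if hits:
        v.score += min(2, len(hits))
        v.reasons.append(f"urgency language: {hits[:2]}")
    if any(p in text for p in CREDENTIAL_ASK):
        v.score += 1
        v.reasons.append("asks for credentials")
    return v


# Constructed samples: the lure from the article, an internal-IT impersonation, and a benign reminder.
PHISH = Message("Microsoft 365 Support", "alerts@micros0ft-account.com",
                "Action required: your login credentials expire in 24 hours",
                "Your password will expire soon. Sign in to keep access and confirm your password.",
                ["https://login.micros0ft-account.com/verify"])
IT_IMPERSONATION = Message("IT Support", "helpdesk@mail-notify.net",
                           "Mailbox quota exceeded - action needed immediately",
                           "Your account will be suspended. Enter your username and password to verify your account.",
                           ["http://203.0.113.45/owa/login"])
LEGIT = Message("IT Department", "it@example-broker.ca",
                "Reminder: quarterly password rotation",
                "Please change your password via the normal portal at your convenience.",
                ["https://login.microsoftonline.com/"])

if __name__ == "__main__":
    for name, m in (("phish", PHISH), ("it-impersonation", IT_IMPERSONATION), ("legit", LEGIT)):
        verdict = triage(m)
        print(f"{name}: score={verdict.score} suspicious={verdict.suspicious}")
        for r in verdict.reasons:
            print("   -", r)
```

Each signal on its own is weak (plenty of genuine vendor mail is urgent, and lookalike matching on a two-label domain will misfire on legitimate third-party senders), which is why the score combines several and the reasons are kept for an analyst to read. The point the article makes still stands: this catches the clumsy, mass-produced version of the lure, not a carefully targeted one, so it complements rather than replaces phishing-resistant MFA.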
“The good news is that AI can also be used to strengthen cyber defense, but it’s also definitely helping expand the attack surface.”