Relm Insurance Innovative Risk News and Insights Banner

Article

Risk Wrap 007: Insurance Hackers, the Perfect Cyber Storm, and a Huge BTC Treasury

Hackers Target Insurance Industry

The insurance industry is in the crosshairs of a coordinated cyber offensive. Google’s Threat Analysis Group (TAG) has issued a warning that multiple recent intrusions carry the hallmarks of Scattered Spider — a financially motivated threat actor known for its use of social engineering to bypass technical controls.

The group, previously linked to major breaches in US and UK retail sectors, is now turning its attention to insurers. According to TAG’s chief analyst, “multiple intrusions” have already occurred, prompting concerns about lateral movement and credential theft within critical systems.

The attacks are not exploiting software vulnerabilities but human ones. MFA bypass, phishing, and manipulation tactics are central to the group’s approach — making cultural and procedural resilience just as essential as technical defense.

Implications for brokers and clients

  • Underwriters may increasingly focus on human-factor exposures, including MFA usage, internal training, and incident response playbooks.
  • Expect greater scrutiny on cyber hygiene during renewals, especially in sectors like insurance, finance, and healthcare.
  • Brokers may need to help clients assess non-technical vulnerabilities that are less visible but increasingly exploited.

Sources: Insurance Business. (2025, June 17). Hacker group launches assault on insurance industry.
Cybersecurity Dive. (2025, June 17). Threat group linked to UK, US retail attacks now targeting insurance industry.

Reused Credentials and Poor Controls: A Perfect Storm for Cyber Claims Escalation

The UK’s Information Commissioner’s Office (ICO) has fined 23andMe £2.31 million for a breach that exposed names, ethnicities, family links, and genetic data. The breach, caused by credential stuffing, revealed systemic weaknesses in the company’s security posture — including the lack of mandatory MFA, strong password controls, or safeguards against bulk data downloads.

The ICO emphasized that controllers of sensitive data must implement elevated protections. For insurers, this incident reinforces the challenge of quantifying exposure when basic controls are inconsistent across tech-forward firms.

Implications for brokers and clients

  • Risk selection criteria may tighten further around authentication protocols and user access controls.
  • Pricing of cyber cover could shift to reflect claims risk from credential reuse and absent MFA.
  • Brokers should prepare for more detailed client questionnaires on data governance and privilege management.

Source: BBC News. (2025, June 17). UK watchdog fines 23andMe for ‘profoundly damaging’ data breach.

Supply Chain Breach Drains Crypto Wallets

A breach targeting CoinMarketCap users led to the theft of $43,000 across 110 wallets — not by breaching CoinMarketCap itself, but through compromise of a third-party dependency.

Hackers mimicked wallet prompts using spoofed pop-ups and fake authentication flows, exploiting token holders without ever accessing backend infrastructure. The cybersecurity firm c/side clarified that the breach occurred through an upstream component, highlighting the complexity of supply chain risk in decentralized systems.

Implications for brokers and clients

  • Web3 firms with complex front-end dependencies may require revised underwriting frameworks to reflect indirect risk exposure.
  • Demand is likely to increase for policies that clearly respond to social engineering or UI-based attack vectors.
  • Brokers should ensure clients understand how policy language treats losses arising from vendor or third-party tech compromise.

Source: Infosecurity Magazine. (2025, June 23). Fake Web3 Wallet Prompt Steals $43,000 from CoinMarketCap Users.

Cyber Threats Shift Focus from Data Breach to Business Disruption

CFC’s Lindsey Maher reports a strategic shift in the nature of cyberattacks: from traditional data exfiltration to operational disruption. In a growing number of incidents, phishing and impersonation techniques are used not to steal data, but to paralyze services — halting revenue and grinding business continuity processes to a standstill.

With 75% of cyber incidents now involving human error, coverage gaps related to business interruption are under sharper focus — especially for SMEs that lack robust continuity planning.

Implications for brokers and clients

  • Expect underwriters to ask more targeted questions around operational resilience, not just data loss prevention.
  • Coverage clarity around BI triggers (e.g., partial outages, reputational damage) may become a point of negotiation.
  • Clients without formal incident response and continuity plans may face steeper premiums or tighter sublimits.

Source: Insurance Business. (2025, June 21). From big brands to small firms, cyberattacks are escalating.

Bitcoin-fuelled Merger Exposes Volatility and Liability Risks

A new firm, ProCap, has launched following a $750 million fundraise and will hold up to $1 billion in bitcoin on its balance sheet. The model echoes that of MicroStrategy and aims to create revenue through lending and derivatives services.

While investor enthusiasm is high, the strategy also draws scrutiny — both for the financial volatility of bitcoin and for the new category of operational risk it introduces. Regulatory clarity, custody arrangements, and capital management all factor into potential insurability.

Implications for brokers and clients

  • Brokers may face renewed questions around how bitcoin treasury strategies influence D&O, E&O, and crime policies.
  • Underwriters could require additional disclosure on lending activity, custody arrangements, and price volatility management.
  • Firms engaging in digital asset arbitrage or treasury risk-taking may need bespoke or manuscripted coverage terms.

Source: Reuters. (2025, June 24). US investor strikes $1 billion merger to create bitcoin treasury company.

Senate Greenlights Stablecoin Bill, Marking Crypto Regulation Milestone

The US Senate has passed a bill establishing a regulatory framework for stablecoins, laying out how they must be issued, backed, and overseen. This represents a foundational moment for digital assets, offering clarity for institutions and regulators alike.

According to Mayer Brown’s Andrew Olmem, the bill “establishes, for the first time, a regulatory regime for stablecoins.” Insurers and brokers will be closely watching how the framework impacts underwriting appetite for firms operating in tokenized financial systems.

Implications for brokers and clients

  • Regulatory clarity may catalyze the availability of cover for stablecoin issuers, platforms, and custodians.
  • Compliance pathways will likely become embedded in underwriting processes for digital asset clients.
  • Firms operating in unregulated or offshore environments may now face pressure to align with U.S. standards to access coverage.

Source: Reuters. (2025, June 17). US Senate passes stablecoin bill in milestone for crypto industry.

 

Want more market insights?

Revisit the previous edition  — Risk Wrap 006. Each issue unpacks high-impact developments across insurance, risk, and emerging exposures, helping brokers and clients stay a step ahead.

You can also view our LinkedIn snapshot of this edition to see highlights and join the industry conversation.

More you might enjoy...

Scroll

View All View All