IAIS says insurers are prime targets for cyber attack

Insurers remain prime targets for cyber crime due to the sheer volume of private and commercial data they collect, an International Association of Insurance Supervisors issues paper warns.

Any breaches could have severe implications for the global economy, due to the significant contributions insurers make.

The association gives three examples of cyber-security weaknesses involving insurers.

The first is missing or incomplete overviews of the IT landscape.

It says while all insurers should have an inventory of IT hardware and licensed software, those maintaining such records may not recognise data-flows between those systems, applications and components.

“If data-flows exist between systems with high levels of protection and systems with lower security levels, cyber criminals may gain access to otherwise secure systems.”

The association gives the example of health insurer Anthem in the US last year, when personal information for up to 91 million policyholders was breached.

The second security weakness common to insurers is inadequate control processes concerning user privileges.

There are two typical problems: failure of controls in the allocation process for user rights, and failure to recognise when an account no longer needs certain system privileges.

Both could lead to insider abuse and exposure to cyber risks.

Improper access to super-user accounts – with privilege levels far beyond those appropriate for most users – is identified as the third weakness.

If a hacker gains access to such an account, they can effectively control the entire system, and hide criminal acts by modifying or deleting log files or disabling detection mechanisms.

Common use of super-user accounts can also lead to errors affecting the entire system.