Five Carriers Got Breached. They Wouldn't Insure Themselves
The controls that failed at Erie and Beacon are the same ones on every cyber application
Ransomware groups have spent the past 12 months systematically breaching insurance carriers, hitting Beacon Mutual, Farmers Insurance, Erie Insurance, Philadelphia Insurance Companies, and Aflac in a campaign that Google’s Threat Intelligence Group attributes to Scattered Spider, a threat actor known for cycling through industries until defenses harden. The attacks exploited the same control failures that cyber underwriters now treat as non-negotiable on every commercial application: social engineering at help desks, incomplete multi-factor authentication deployment, and gaps in endpoint monitoring. For carriers that write, distribute, or reinsure cyber coverage, the exposure is no longer hypothetical. Courts have already voided policies over the exact MFA gaps that Scattered Spider exploited, CISA’s 72-hour federal incident reporting mandate is approaching final publication, and AI models that can autonomously discover and weaponize zero-day vulnerabilities across every major operating system are compressing the window between an unpatched exposure and a working exploit from months to hours.
Companies mentioned: Beacon Mutual, Erie Insurance, Philadelphia Insurance Companies, Farmers Insurance, Aflac, Tokio Marine, Travelers, International Control Services, Google/Mandiant, Anthropic, OpenAI, Munich Re, Scattered Spider, City of Hamilton
Today’s Deep Dive covers:
Why are ransomware groups specifically targeting insurance carriers, and what does the Scattered Spider campaign reveal about insurer-specific vulnerabilities?
Would most carriers pass the cyber underwriting application they require of their own commercial insureds?
What does the convergence of AI-powered vulnerability discovery, federal reporting mandates, and coverage-voiding precedent mean for carrier CISOs and cyber product teams in the next 12 months?


