Human error is the leading cause of cyber attacks in insurance companies – Insurance Khabar


Kathmandu. Human error is the leading cause of cyber attacks in insurance companies around the world. In its latest report, Hannover-based international industrial insurer HDI Global analysed how insurers can better manage cyber exposure and strengthen resilience. This report is based on the expertise of David Bartolini, Head of Cyber Risk Engineering Technology at HDI.

Bartolini oversees insurance companies’ global cyber risk engineering activities and advises organizations on prevention, preparedness, and recovery strategies. HDI Global’s analysis is consistent with the findings of the European Union Cybersecurity Agency (ENISA), which investigated nearly 4,900 cases between July 2024 and June 2025.

ENISA identified phishing, ransomware and distributed denial-of-service (DDoS) attacks as the most common threats across all sectors. “Cybercriminals are using generative AI to launch automated attacks and exploit vulnerabilities across a wide range of industries,” Bartolini said. This necessitates proactive risk management.

The first priority identified by Bartolini is constant awareness among employees. Human error is the leading cause of cyber attacks. “Nearly 60 per cent of breaches are caused by mistakes, such as phishing emails or social engineering attempts,” the report said.

HDI Global recommends structured ongoing training programs that include simulated attack and response workshops to help employees identify and mitigate long-term risks.

According to Bartolini, the second focus is to maintain software and infrastructure. “Outdated or unpatched systems are common entry points for attackers,” he said.

HDI Global advises businesses to implement continuous patch management, conduct regular risk assessments, and prioritize critical system updates to reduce the likelihood of a compromise.

Third, Bartolini emphasizes technical security measures and network management. “With increasing access points to hybrid and remote working, businesses face increasing risk,” he said.

HDI Global recommends measures such as network segmentation, endpoint detection and response (EDR), security information and event management (SIEM), and the establishment of Security Operations Centers (SOCs) to quickly identify and isolate threats. “These actions further limit the potential harm by applying the principle of minimum privilege and giving users the necessary access to their roles,” the report said.

Fourth, supply chain and third-party risks require proactive management. ENISA data shows that more than 10 percent of cyber incidents originate from vulnerabilities within partner networks or software providers. Bartolini recommended incorporating cybersecurity requirements into agreements and conducting joint testing of interconnected systems to verify compliance with security standards and prevent incidents from spreading.

Finally, Bartolini emphasizes the importance of operational preparedness. “While complete prevention is impossible, the tested recovery strategy can minimize downtime and damage,” the report said. This increases to 5.5 days for small businesses.

HDI recommends regular data backups, a documented recovery plan, and crisis simulations to ensure that organizations can resume operations efficiently after a cyberattack incident. According to the report, companies with a comprehensive cybersecurity framework recover about 36 hours faster and charge 10 percent less per incident.


