About three months after it detected suspicious activity within its network systems, AssuranceAmerica has started alerting consumers.
The Atlanta-based managing general agency with about 9,500 agents selling personal a
uto, renters, and commercial auto policies in 14 states, said on March 17 it detected the suspicious activity targeting one employee.
The MGA said it notified authorities and immediately enlisted an outside forensic specialist
. It was determined an unauthorized third party accessed the company’s systems through the targeted attack and copied “a number of data files,” according to the breach notice filed in at least a half-dozen states.
AssuranceAmerica said that, due to the scope and the files involved, the investigation was only recently completed.
Some customer personal identifiable information was within accessed files, including names, contact information, insurance policy and account information
, vehicle information, claims information, drivers’ license numbers, and Social Security numbers.
“We promptly disabled and took offline the affected company server devices,” Assurance America said. “To help prevent a simitar occurrence in the
future, the company has implemented a number of measures designed to enhance the security of our IT systems and data stored in those systems.”
While the media focused on the ability of Anthropic’s AI model to exploit risk management
deficiencies, “they don’t tell you in the story, or at least it’s maybe buried in the story, that that
Watch More Image Part 2 >>>
’s only true where there are no defenses in place. All of those case studies are based on a completely [defenseless] enterprise that takes no remedial action. That is not
how the world works,” Williamson said, adding that Everest and its clients are “deploying excellent tools at scale.”
“And AI is one of the best defensive trends happening in the cyber defense market. So, I think where we are on cyber risk is we’re in the same arms race we were before AI, which is bad guys want to exploit vulnerabilities to make
money, good guys want to stop them from doing that, and there’s a constant one-upmanship to get ahead of that curve one way or the other.”
“My personal view right now—and this is a very fluid situation—is the good guys are holding a lot more of the cards in this environment.”
He reasoned: “Think about what it takes to build a capability like Mythos at scale. A bad actor c
an leverage what others are developing, but they can’t build it on their own.”
What that means is “yes, phishing exercises will get a little easier… But [what] everybody was afraid of when they started hearing about Mythos—that they’d wake u
p one day and find out that some AI capability allowed hackers to bring down Azure or something—I just think that’s way, way, way out of the tail. [There’s] a lot of infeasibility around that.”
Williamson concluded: “I think AI will do as much to improve cyber hygiene and security and opportunity as it will be a threat.”



























