Pune: Insurance companies are witnessing a rise in fake domain registrations and cloned customer portals designed to harvest policyholder data, according to the India Cyber Threat Report 2026 released by Seqrite, the enterprise security arm of Quick Heal Technologies Limited. The report is based on telemetry that recorded 265.52 million detections across more than 8 million endpoints in India, averaging 505 detections every minute, underscoring the scale at which digital-facing sectors are being probed.
While Financial Services accounted for 1.16 million detections (4.36% of total industry volume), Seqrite researchers observed a notable increase in brand impersonation campaigns targeting banks, fintech platforms and insurers. Attackers are creating lookalike domains and counterfeit policy renewal or claim-verification pages that closely mirror legitimate insurer websites. These scam portals typically request policy numbers, personal identification data, OTPs and payment credentials under the pretext of premium updates, lapsed policy renewals or compliance checks. In parallel, Android banking Trojans and infostealers have grown more sophisticated, leveraging overlay screens and real-time session capture to intercept financial credentials.
The broader malware ecosystem continues to be dominated by Trojans (approximately 88.4 million detections) and File Infectors (approximately 71.1 million detections), together forming nearly 70% of all malware activity. Many of these families act as initial access vectors, enabling credential theft and remote access before financial fraud or ransomware deployment. Although ransomware represented less than one percent of total detections, it had the highest operational impact, peaking in January 2025 with 185 incidents and over 113,000 detections. For insurers operating digital claims systems and customer databases, such post-compromise activity can escalate from data theft to service disruption.
Seqrite’s analysis further highlights that 91% of detections originated from on-premise environments, indicating continued exposure in legacy infrastructure and internal systems. At the same time, cloud-linked identity abuse and OAuth token misuse are emerging as preferred tactics for bypassing traditional endpoint alerts. With insurers accelerating digital onboarding, self-service portals and API integrations with intermediaries, the exposure of customer records, underwriting files, medical disclosures and claims documentation presents both fraud risk and regulatory liability.
Seqrite added that in financial services, data privacy is inseparable from customer trust. As insurers process sensitive personal, financial and medical information, responsible data handling and clear governance frameworks become critical to sustaining digital confidence. The company has developed an indigenous Seqrite Data Privacy solution tailored for Indian organisations and created a dedicated DPDP Act resource hub to help enterprises understand compliance expectations and implement privacy frameworks in practice.
