Cybersecurity in the Insurance and Legal Sectors: A View From the Front Line
Mick Tennent
|13 August 2025
Cybersecurity has become one of the most pressing challenges facing the insurance and legal sectors today.
With vast amounts of sensitive data and a growing reliance on digital infrastructure, organisations are under constant pressure to stay ahead of increasingly sophisticated cyber threats.
We spoke to Mick Tennent, IT Security and Cyber Lead at Carpenters Group, about the current threat landscape, the rise of ransomware, and how the business is protecting its people, clients and systems.

The Threat Landscape
There’s no real difference between the insurance sector and other industries like banking or pharmaceuticals when it comes to cyber threats. The data we hold is just as valuable. Legal services have been targeted for years, and the threat landscape is incredibly active. It’s not something that switches on and off, it’s always on.
We’re seeing continuous attempts to breach systems, and it’s our job to make sure they don’t succeed. That means staying alert, adapting quickly, and making sure our defences are always evolving.
Ransomware and Its Impact
Ransomware is still the biggest threat we face. It used to be the domain of highly skilled hackers, but now anyone can pay a fee and launch an attack using ransomware as a service. These aren’t just shady individuals, they’re structured companies operating globally.
For personal devices, the ransom might begin at a few thousand pounds. For organisations, it starts at around £4 million. Ransomware typically begins with a phishing email. A user clicks a link, unknowingly downloads malicious software, and suddenly their files are encrypted. The attacker demands payment to unlock the data, often with no guarantee of recovery.
Building Strong Defences
We’ve put in place strict controls to ensure that only the right people can access sensitive data. If you don’t need access, you don’t get it. We also monitor outbound data. For example, if someone in IT tries to send claim data to a personal email, we block it. It’s not appropriate, and it’s a potential risk.
We’ve invested heavily in Microsoft’s security suite, which enables real-time threat detection and response. If a machine is compromised, we isolate it immediately. It stops the attack from spreading and gives us time to investigate.
These measures are part of a layered defence strategy that includes endpoint protection, network monitoring, and behavioural analytics - all designed to catch threats before they escalate.
Daily Threats and Vigilance
Cybersecurity is a daily operation. My team monitors activity across the organisation, filtering out false positives and responding to genuine threats. We get alerts every day. Most are legitimate business activity, but we do see malware attempts regularly. We work quietly in the background to stop these threats before they become incidents.
One particularly unusual case involved a fake website that mimicked our domain. It was almost identical - just a slight misspelling. We flagged it, issued a takedown notice, and it was gone within a day. It was clearly an attempt to launch a scam. These kinds of incidents highlight the importance of proactive monitoring and rapid response.


Managing AI Risks
Artificial intelligence is transforming the way businesses operate but it also introduces new risks. We’ve set up an AI Council to oversee how AI tools are used across the business. Nothing gets used unless it’s approved. That includes tools like Copilot, which we’ve licensed for legitimate use.
"We’re working hard to block unauthorised tools and educate staff"
The concern is that once data is uploaded, it may become accessible to others. We’ve seen it happen. That’s why we’re working hard to block unauthorised tools and educate staff. The AI Council includes board members and senior leaders, ensuring that decisions are made with both technical and strategic oversight. It’s a model that balances innovation with accountability.
Balancing Security and Efficiency
Security should never be a barrier to productivity. We work closely with business units to understand their workflows and tailor protections accordingly. Finance handles data differently than Legal or HR, so we need to understand how each team operates so we can support them without getting in the way.
This collaborative approach ensures that security measures are effective without being disruptive. It’s about enabling the business to function securely - not restricting it.
Educating Our People
Education is a cornerstone of our cybersecurity strategy. Staff are kept informed through internal communications and the MyCyber portal, which provides updates, guidance and supplementary resources.
If there’s a major incident in the industry - like the Marks & Spencer Co-op breach - we send out alerts and provide extra info online. We want people to understand the risks without overwhelming them.
We also align our practices with industry standards and client expectations. Our clients demand strong security, and that pushes us to keep improving. For new organisations, my advice is simple: start with a secure foundation and build up from there.