Erie Insurance had to take drastic measures that anybusiness owner would dread:
Total System Shutdown: Portals were taken offline to stop the spread.
Customer Blackout: No logins, no claims processing, and no access to documents.
SEC Involvement: A Form 8-K was filed, confirming the incident was "material" to the company’s health.
Law Enforcement: Federal agencies were brought in to investigate the attack's source.
Red Flag for Your Customers: During outages, hackers often launch phishing scams, pretending to be your agency and asking for "emergency payments." Erie had to warn customers specifically about this—a PR nightmare.
Erie Insurance had to take drastic measures that anybusiness owner would dread:
Erie isn't just dealing with a technical glitch; they arefacing a regulatory storm. In 2026, the scrutiny is higher than ever. Potentialviolations include:
FTC Safeguards Rule: Investigation into inadequate security controls.
NY DFS 23 NYCRR 500: Critical if theyservice any New York customers.
State Privacy Laws: CCPA (California) and the SHIELD Act (New York).
HIPAA & PCI DSS: Risks to health policy data and credit card information systems.
These violations often result in multi-million-dollarfines and long-term brand damage.
One vulnerability can lead to a company-wide audit that lasts months. If your agency were in Erie’s shoes, you would face: Weeks of lost productivity while systems are scoured.
Extended Downtime: Weeks of lost productivity while systems are scoured.
Exorbitant Costs: Forensic investigations and legal fees starting in the tens of thousands.
Mandatory Notifications: You must tell every customer that their data was compromised.
Free Credit Monitoring: Providing up to 3 years of monitoring for every client (costing you $100-$200 per person/month).
Stay Ahead of the Threat
You don't have to be a giant like Erie to be a target, but you do need their level of protection.
Get a clear, expert-led view of your cybersecurity and compliance posture. Motiva’s cybersecurity risk assessment identifies gaps across security controls, policies, and regulatory alignment, so agencies know exactly where they stand and what to fix first.
What’s included: