Inflection Point
Cyber Security | 31 May 2026 | 10 min read | Verified 12 June 2026

Insurance is now the UK's fastest-growing identity fraud target. Here's why, and what to do about it.

Iain Godding

Owner / Founder / Managing Director

Our analysis of eight years of Cifas data found that insurance identity fraud has surged 290.5% since 2017, against a sector-wide average of 38.7%. Insurance is now the fifth most common identity-fraud category in the UK, and growing faster than any of the four ahead of it. *Insurance Business Magazine*, *Express* and *MSN* covered the headline finding this week. This article is the longer story behind the data, including what we think is driving the surge, what businesses can do about it, and what consumers should do to protect themselves.

The headline finding

We analysed eight years of identity-fraud data from the UK's National Fraud Database, broken down by sector:

Insurance identity fraud rose from 4,215 cases in 2017 to 16,461 in 2025, a 290.5% increase. Over the same eight-year period, all-sector UK identity fraud grew by 38.7%, reaching 242,003 cases in 2025.

Insurance now accounts for 6.8% of all identity-fraud cases recorded in the UK, putting it fifth overall, behind plastic card, bank account, communications and online retail fraud, but growing faster than any of them. If the current trajectory holds, insurance will overtake online retail inside three years.

That headline finding was picked up this week by *Insurance Business Magazine*, *Express* and *MSN*.

The press has the headline. This post is the longer answer, the bit we wish we'd had room for in 800-word quotes.

Why insurance? Three structural reasons

A 290% rise in eight years is not random. Three things make insurance applications and claims a uniquely attractive target for identity fraudsters.

1. Insurance asks for more personal data than almost any other consumer transaction

A standard car insurance quote asks for your full name, date of birth, address history, occupation, driving licence number, vehicle registration, marital status, claims history, and often your employer. A home or life policy adds property value, mortgage details, dependants and health information. As Iain Godding, founder of Inflection Point, put it to Insurance Business Magazine: "Insurance applications and claims involve a lot of personal information, from addresses and dates of birth to employment details."

For a fraudster building a fake identity, an insurance quote form is a near-complete intake. Compared with opening a credit card (name, DOB, address, income, NI number), an insurance application produces a fuller dossier, and crucially, one whose answers can be cross-referenced and reused across other applications.

2. The verification standard at quote and application stage is lower than for credit

Banks and lenders use Cifas's National Fraud Database to flag suspicious activity at point of application. Insurers do too, but historically, identity verification at quote stage has been lighter. Quotes are designed to be fast and frictionless because the conversion mechanic depends on getting an indicative price into the consumer's hands in seconds. That same speed makes it easier for fraudsters to test stolen identities against the system in volume.

Cifas's Fraudscape 2026 reported 444,000+ cases filed to the National Fraud Database in 2025, a 6% rise on 2024 and the highest annual figure ever recorded. Identity fraud and facility takeover together accounted for 72% of all cases. Insurance is one of the fastest-growing slices of that pie.

3. AI has industrialised the production of fake documents and convincing personas

The 290% surge has not been linear. The slope steepens noticeably from 2023 onward, which lines up with the moment generative AI made it cheap and fast to produce:

  • Synthetic identity documents (fake passports, driving licences, utility bills) that pass surface-level verification
  • AI-generated images supporting motor and property claims (manipulated photos of damage that never happened)
  • "Ghost broker" social media profiles offering low-cost cover backed by fabricated policy documents

Aviva detected £233 million in fraud across 18,400+ suspect claims in 2025, and the Insurance Fraud Bureau tracked a 52% rise in ghost broking cases between 2022 and 2024. Experian's UK Fraud and Financial Crime Report showed AI-related fraud rising from 23% of cases in 2024 to 35% in early 2025, a steeper curve than insurance fraud alone, but the two are converging.

The wider context: £1.16 billion in detected fraud, and that's just what insurers caught

Identity fraud sits inside a wider insurance-fraud landscape that the Association of British Insurers (ABI) has been mapping for years.

In 2024, ABI member insurers detected £1.16 billion in fraudulent general insurance claims across more than 98,400 cases, a 2% rise on 2023, and the third consecutive year above the £1 billion mark. Motor remained the most-targeted line at £576 million (53% of the total). Insurers also prevented an estimated 684,800 fraudulent applications, a 7.4% increase on 2023.

The point worth holding onto here is the gap between "detected" and "attempted". If 684,800 fraudulent applications were stopped at the door, the population of people trying to defraud UK insurers is closer to a million than a hundred thousand. The 290% surge in insurance identity fraud sits inside that volume: it's the subset where the fraudster isn't impersonating themselves; they're impersonating you.

What businesses need to do

If you run a business, particularly an SME with limited cyber resource, your exposure here is not "we might be defrauded by a customer". It's: a fraudster will impersonate one of your employees, your finance director, or your customer-facing team to access systems that contain your customers' insurance data. That data then gets weaponised.

There's no silver bullet, but there is a credible baseline. We recommend the following five controls, in this order:

  1. Cyber Essentials Plus certification. The government-backed UK standard for cyber security baseline controls. Not a marketing badge; an annually-audited verification of firewalls, secure configuration, access control, malware protection and patch management. If you handle customer PII and your insurer asks about your cyber posture, this is the answer they want.
  2. ISO 27001 controls applied to your data flows. Particularly relevant for organisations holding multi-policy data: brokers, financial advisers, accountants, surveyors. ISO 27001 is heavier than Cyber Essentials Plus, but it's the only standard that requires you to map where personal data lives, who can access it, and what happens if it's compromised.
  3. Multi-factor authentication on every system that touches customer data. Not just email. CRM, finance, document management, the lot. The most common breach vector we see in our Bristol and Cheltenham client base is credential phishing where MFA was either turned off for convenience or never enabled.
  4. Staff training that's specific to your sector. Generic phishing-awareness training has a measurable but limited effect. Sector-specific training, "here's what a fake claims demand looks like in motor insurance", produces materially better detection rates.
  5. A documented incident response process. When (not if) a credential gets compromised, the difference between a near-miss and a six-figure data breach is measured in hours. If your incident response is "we'll call our IT guy and figure it out", you don't have an incident response process.

We run all five for our own 200+ UK clients, and we audit them quarterly. The number to watch, and we publish ours, is first-time fix rate on security incidents. Ours sits at 93% across the year, which means 93% of identified incidents are resolved at first contact without escalation. That number is the proxy for whether your defence-in-depth is working.

What consumers need to do

If you're reading this as an individual rather than a business owner, the practical steps are different.

  1. Sign up for [Cifas Protective Registration](https://www.cifas.org.uk/pr). £30 for two years. It flags your identity in the National Fraud Database so that lenders, insurers and other Cifas members run extra checks before approving anything in your name. It is the single most underrated piece of consumer fraud protection in the UK. Cifas members read this flag during the application, meaning identity fraud against you gets caught before money or policies are issued, not after.
  2. Verify any unsolicited contact through a known channel. If you get a call, text or email from "your insurer" asking for personal details or telling you about a policy change, hang up. Call back on the number printed on your renewal notice or the back of your insurance card. Iain Godding made the same point to Insurance Business Magazine: early detection beats every other defence, and fraud usually surfaces as small anomalies: an unfamiliar payment, an unrequested policy change, a renewal notice for a policy you didn't take out.
  3. Treat your insurance documents like financial documents. Don't post them. Shred renewal notices before binning. The information on a renewal letter (full name, address, policy number, vehicle registration) is the exact starter pack for ghost-broker fraud.
  4. Check your credit file every 90 days. Free with most UK providers. Look specifically for credit applications you didn't make and accounts you don't recognise; these are early-warning signs that your identity has been compromised somewhere upstream.
  5. Use a different password on every insurance and finance account. If that sounds impossible, use a password manager. We recommend 1Password or Bitwarden to clients; both are free or low-cost for individuals.

Where we go from here

The 290% surge isn't a one-off statistic; it's a trend that will keep accelerating until insurers harden their identity verification at quote stage and consumers harden their personal data hygiene. The technology to do both already exists; what's missing is urgency.

Government intervention is finally moving. The Fraud Strategy 2026-2029, published in March 2026 with £250 million of investment, is built around three pillars (disrupt, safeguard, respond) and a new Online Crime Centre launched in April. The Centre's cross-sector data sharing is exactly what's needed to close the gap between when a stolen identity is first used in one sector and when it gets flagged in another.

In the meantime: tighten what you can control. For UK SMEs, that means the five-step baseline above. For consumers, it means Cifas Protective Registration today, before you finish reading this. The total cost is about £30 and ten minutes; the alternative is finding out via a debt collection letter that you've taken out three insurance policies you didn't apply for.

About the research

Inflection Point analysed eight years of identity-fraud case data (2017-2025) from the UK National Fraud Database, broken down by sector. The headline finding, 290.5% growth in insurance identity fraud versus 38.7% across all sectors, was first shared with Insurance Business Magazine on 9 June 2026 and subsequently covered by Express and MSN.

Methodology notes available on request. Data sources: Cifas National Fraud Database (2017-2025), Cifas Fraudscape 2026, ABI Detected General Insurance Claims Fraud Report 2024.

About Inflection Point

Inflection Point is a UK managed-IT and cyber-security firm. 200+ active clients across the UK, 16+ years EOS-run, founder-led with 25 years industry experience. ISO 27001 certified, Cyber Essentials Plus, rated 4.9/5 across 150+ Trustpilot reviews. We help insurance brokers, financial advisers, professional-services firms and SMEs across the UK protect customer data with under-15-minute remote response and 1-hour on-site SLA. From £39 per user per month.

If your business handles customer insurance, finance or health data and you're not sure whether your current controls would survive an audit, book a 30-minute discovery call. No sales pitch.

Iain Godding is the founder of Inflection Point. He has 25 years of UK IT and cyber security industry experience, and is a regular commentator on identity fraud, cyber resilience and SME risk.

Frequently Asked Questions

How fast is insurance identity fraud growing in the UK?

Insurance identity fraud in the UK has grown 290.5% in eight years, from 4,215 cases in 2017 to 16,461 in 2025. Over the same period, all-sector identity fraud grew by 38.7%. Insurance is now the fifth largest identity-fraud category and the fastest-growing of the top five (data source: Cifas National Fraud Database).

Why are insurers being targeted more than other sectors?

Three structural reasons: insurance applications collect a uniquely rich personal dossier (name, DOB, address history, occupation, vehicle, claims history); identity verification at quote stage is lighter than at credit application stage because conversion depends on speed; and generative AI has industrialised the production of synthetic identity documents and fake claims imagery. Aviva alone detected £233 million in fraud across 18,400+ suspect claims in 2025.

How can UK consumers protect themselves from insurance identity fraud?

Five practical steps: sign up for Cifas Protective Registration (£30 for two years, flags your identity in the National Fraud Database); verify any unsolicited insurance contact through a known channel before sharing details; treat insurance renewal documents like financial documents (shred before disposal); check your credit file every 90 days for unfamiliar applications; and use unique passwords on every insurance and finance account, ideally via a password manager.

What cyber baseline should UK SMEs have to protect customer insurance data?

Five controls in priority order: Cyber Essentials Plus certification (the UK government-backed baseline); ISO 27001 controls mapped to your customer data flows; multi-factor authentication on every system that touches customer PII; sector-specific staff training on phishing and social engineering; and a documented incident response process with named owners. Inflection Point runs all five for 200+ UK clients and audits them quarterly.

Sources

  1. Insurance Business Magazine UK. Why insurers are sitting on a goldmine for identity fraudsters. (2026)
  2. Express. Insurance fraud cases surge 290% but plastic card fraud remains biggest identity scam. (2026)
  3. MSN Money. Insurance fraud cases surge 290%, but plastic card fraud remains biggest identity scam. (2026)
  4. Cifas. Fraudscape 2026: Fraud cases hit record highs as criminals adapt and scale. (2026)
  5. Association of British Insurers. Fraudulent insurance claims continue to top £1 billion. (2025)
  6. Insurance Business Magazine UK. Aviva detects record £233 million in fraud as AI tools and ghost broking accelerate. (2026)
  7. FinTech Global. How AI and deepfakes are reshaping identity fraud in 2026. (2026)
  8. Cifas. Cifas Protective Registration. (2026)

Written by

Iain Godding

Owner / Founder / Managing Director

Iain has over 25 years’ experience delivering large-scale technology programmes across public and private sectors. As our MD he brings this enterprise-grade IT expertise to SMEs in the South West in a way that’s accessible, scalable, and commercially valuable. A champion of innovation, he’s at the forefront of applying AI and automation to help clients streamline operations, improve decision-making, and unlock new value. Iain has built a culture that prioritises innovation, service excellence, and long-term client partnerships, helping businesses of all sizes achieve more with technology. Outside work, Iain advises growing businesses as a board member and non-executive director.
