For the past year, we’ve been profiling major cyberattacks in order to raise awareness about the increase in cybercrime after 2020. Businesses have been struggling to balance remote work with the increased security necessary. Some, unable or unwilling to invest in structural security improvements, are instead choosing to take out insurance policies against cyberattacks. Cyber insurance or “cyber-liability insurance” helps companies recover from cyber threats and attacks. Having a cyber insurance policy reduce disruptions and downtime during an incident, as well as potentially helping to absorb the financial cost of dealing with and recovering from the cyberattack. But what happens when a giant in the cyber-insurance field is the one targeted?
Insurance company CNA offers many different insurance solutions to its customers, including cyber insurance policies to protect against ransomware attacks. In a public statement, CNA confirmed that “on March 21, 2021, CNA determined that it sustained a sophisticated cybersecurity attack” and that “the attack caused a network disruption and impacted certain CNA systems, including corporate email”. The hacking group known as Phoenix also encrypted data on over 15,000 CNA devices, potentially compromising sensitive client information. While CNA is working with the FBI to mitigate the fallout from this attack, it may be the start of a ‘second wave’ of cyberattacks.
Bystanders may be wondering why this attack is so significant. Simply put, threat actors, especially those utilizing ransomware, are incentivized to target organizations with cyber insurance. This may seem counterintuitive, given that cyber insurance is marketed as a product that counters cyber attacks. However, threat actors have realized that when they attack an insured organization, they are more likely to receive payment. If Phoenix was able to identify CNA clients who have purchased cyber insurance, those organizations may be future targets.
If you’ve purchased cyber insurance for your organization through CNA, acknowledge that your risk of attack has increased, and monitor the news for more information on what information was compromised. Additionally, consider improving your business’s other cybersecurity measures. Finally, if you’re interested in help identifying flaws in your business’s security, reach out to us at firstname.lastname@example.org for more information.