CNA Financial, a Chicago-based provider of cyber insurance, confirmed a cyberattack against its systems, which has some concerned that cybercriminals may target policyholders.
If the investigation finds that the attack involved policyholder data, a cyber insurance industry expert warned, it could enable devastating further incidents that hackers could use as leverage in extortion attempts. If that’s the case, CNA said, it will keep customers updated. Its website has been down for the last couple of days since its press release. Right now it is displaying a message about the cyberattack and the measures the company is taking.
CNA, one of the U.S.’s top 10 providers of cybersecurity insurance, is struggling with a cyberattack that prompted it to disconnect its systems from its network.
The company said it discovered the attack on March 21. In addition to alerting law enforcement for an investigation of the incident, CNA has hired a team of third-party forensic experts to investigate and determine the full scope of the cyberattack.
CNA’s website started displaying a message that stated the firm was “currently experiencing a network disruption that is impacting some of our systems. We are working to address these issues to minimize the disruption to you… The security of our data and that of our insureds and other stakeholders is of the utmost importance to us. Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly.”
Cybercriminals assume that companies or entities represented by a cyber insurance company are more likely to pay a large ransomware demand than an uninsured business that doesn’t have the financial backing.
Whose information is compromised?
It is currently unclear what user information may have been compromised in the attack against CNA, which has roughly $10 billion in annual revenue. But gaining illegal access to a cyber insurance firm’s records could give the criminals insights into the negotiating tactics of the insurance company, and what current clients might be willing and able to shell out if a future attack occurs.
Of course, the attackers aren’t necessarily limited to a ransomware strategy. They could also phish certain policyholders.
“Insurance firms should obviously activate the breach coach and incident response resources they work closely with when helping their own clients during an incident, so that these clients are immediately informed and supported with monitoring services,” said Isabelle Dumont, vice president of market engagement at cyber insurance company Cowbell Cyber.
To avoid this type of incident or be prepared for it, it’s imperative that insurance companies that find themselves in this situation execute a robust incident response, replete with timely client notification.
If you are unsure whether your network is completely secure, then it is time to develop a response plan for this type of incident or, better yet, hire a company that monitors your network 24/7 and helps you create a program that will protect your information.