The insurer, which underwrites cyber insurance via subsidiary CNA Hardy, said the “sophisticated” attack on 21 March caused network disruption
Global insurance company CNA has announced it has been hit by a “sophisticated cybersecurity attack”. The insurer, which underwrites cyber insurance at Lloyd’s via its subsidiary CNA Hardy, said the attack on 21 March caused a network disruption and impacted CNA systems, including corporate email. CNA Hardy ceased underwriting through its Singapore and Lloyd’s China channels in 2018.
It has yet to confirm whether there has been any compromise of company data or the nature of the attack.
”Upon learning of the incident, we immediately engaged a team of third-party forensic experts to investigate and determine the full scope of this incident, which is ongoing,” it added. “We have alerted law enforcement and will be cooperating with them as they conduct their own investigation.”
“Out of an abundance of caution, we have disconnected our systems from our network, which continue to function,” it added. “We’ve notified employees and provided workarounds where possible to ensure they can continue operating and serving the needs of our insureds and policyholders to the best of their ability.”
“The security of our data and that of our insureds’ and other stakeholders is of the utmost importance to us. Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly.”
It is not the first major cyber attack in the insurance industry. In September 2020, insurance broker Arthur J Gallagher revealed it had been hit by a ransomware attack, forcing it to take all its computer systems offline.
Average ransomware payments rose by 171% between 2019 and 2020, according to Palo Alto Networks. The highest ransom paid by an organisation doubled from 2019 to 2020, from $5 million to $10 million.
Whereas such attacks were previously carried out using a scattergun approach, attackers are increasingly selecting their targets and tailoring ransom demand to the size and financial capacity of their ransomware victims.