CNA, one of the U.S.’s top providers of cybersecurity insurance, is struggling with a cyberattack that prompted it to disconnect its systems from its network.
Its website hasn’t been working for the last couple of days, and at press time displayed the message, “The attack caused a network disruption and impacted certain CNA systems, including corporate email.”
The Chicago-based firm reported more than $10 billion in revenue in 2020, and is in the top 15 U.S. property and casualty insurers and top 10 U.S. providers of cyber insurance, according to recent measurements.
If the attack proves to include policyholder data, a cyber insurance industry expert warned, it could enable particularly devastating further incidents that hackers could use as leverage in extortion attempts. If that’s the case, CNA said, it will keep customers updated.
The company said it discovered the intrusion on March 21, adding that it is working with forensics experts to determine the scope of the incident and has alerted law enforcement for an investigation. A spokesperson did not respond to requests for information about the nature of the hack.
“The nightmare scenario” would be if hackers got ahold of policyholder data, said Coalition CEO Joshua Motta, whose company provides cyber risk management tools and cyber insurance.
“The ramifications of a ransomware attack or threat actor activity against CNA and insurance company networks — much less an insurance company that is one of the larger providers of cyber insurance — is that the threat actors are now maybe aware of which companies have applied for insurance with CNA, which have actually purchased that insurance, what coverage they have, including coverage for cyber extortion or ransomware, as well as the limits and deductibles of those policies,” he said.
Hackers could use that data to put ransomware victims in a bad position to negotiate an end to their networks being held hostage, Motta said.