Insurance Journal’s Top Cyber Stories of 2021

Ransomware was the word of the year in 2021 for the cyber insurance industry as attacks continued to grow in scale and complexity, and experts say this cyber threat landscape will likely continue in the new year.

Kurt Suhs, founder and CEO of cyber risk company Cyber Special Ops, said in a December episode of The Insuring Cyber Podcast that moving forward in the current threat landscape is an ongoing challenge.

As insurers prepare to look forward, however, it may be helpful to also look back on some of the cyber topics that were most important to Insurance Journal readers in 2021.

Here are Insurance Journal’s top 10 cyber stories of 2021:

Insurance Broker Gallagher Sued Over Ransomware Attack

Insurance Journal’s top read cyber insurance story of the year sent a powerful message about the growing affect of ransomware on the insurance industry, as insurance and benefits broker Arthur J. Gallagher in August became the target of a proposed class action lawsuit over a ransomware attack it suffered in 2020. The plaintiffs alleged that Gallagher failed to follow federal and state government and industry standards to protect their personal information from hackers and failed to adequately notify or help individuals whose information was stolen.

In addition to seeking compensatory, statutory, nominal and punitive damages, legal costs and credit monitoring, the suit asked the court to order Gallagher to have regular third-party tests of its network security, improve training of its security personnel, and purchase or provide funds for credit monitoring services for its customers.

CNA Paid $40 Million in Ransom After March Cyber Attack

Bloomberg reported that CNA Financial Corp., among the largest insurance companies in the U.S., paid $40 million in late March to regain control of its network after a ransomware attack, according to people with knowledge of the attack.

The Chicago-based company paid the hackers about two weeks after a trove of company data was stolen, and CNA officials were locked out of their network, according to two people familiar with the attack who asked not to be named because they weren’t authorized to discuss the matter publicly.

In a statement, a CNA spokesperson said the company followed the law. She said the company consulted and shared intelligence about the attack and the hacker’s identity with the FBI and the Treasury Department’s Office of Foreign Assets Control, which said last year that facilitating ransom payments to hackers could pose sanctions risks.

7 Major Cyber Insurers Form Company to Coordinate Cyber Analysis, Risk Mitigation

With cyber attacks and insurance claims on the rise, leading cyber insurers AIG, AXIS, Beazley, Chubb, The Hartford, Liberty Mutual Insurance and Travelers in June formed a company to pool their data and expertise and take collective efforts to enhance cyber risk mitigation efforts across the insurance industry.

The new entity, called CyberAcuView, will compile and analyze cyber-related data to enhance value and service to policyholders and help insurers sustain a competitive market for cyber insurance. CyberAcuView’s activities will be conducted under strict antitrust review and guidance, according to the announcement. Mark Camillo, most recently head of Cyber, EMEA at AIG, has been appointed CEO.

CyberAcuView is 100%-owned by the founding seven member carriers, six of which are among the top 10 insurers in the market based on 2020 direct written premium, according to AM Best. (Liberty Mutual ranks 14th.) The new company will invite other direct writers of cyber insurance to be associate members, according to its website.

Geico Customer Data Breach May be Part of Unemployment Insurance Scam

Auto insurer Geico reported in April that fraudsters had been stealing license numbers of its customers for the past few months and possibly using them to fraudulently apply for unemployment benefits. In a data breach notification filed with California’s data privacy agency on April 15, the major auto insurer indicated that the breaches occurred between January 21, 2021 and March 1, 2021.

The hackers gained access to driver’s license information through the insurer’s online sales system. Geico said the data obtained was limited to license numbers.

White House Warns of Hack of Microsoft’s Outlook Email Program

The White House in March urged computer network operators to take further steps to gauge whether their systems were targeted amid a hack of Microsoft Corp.’s Outlook email program, saying a recent software patch still left serious vulnerabilities, Reuters reported.

The Insuring Cyber Podcast’s Most Popular Episodes of 2021: EP 13 – The Really, Really Big One: The Likelihood of a 1-in-100 Year Cyber Catastrophe More than a year into what some have called a 1-in-100 year pandemic with COVID-19, many may be wondering what other unprecedented events could be on the horizon. For the cyber community, this raises questions about the likelihood of a once in a century cyber catastrophe. EP 9 – Memory Lane: Returning to the Early Days of Cyber Coverage With the sophistication of cyber attacks, claims growth, and now, a global pandemic driving an increasing number of businesses toward remote work, it’s no question the cyber insurance industry has had to evolve rapidly since its onset. For this episode, Insurance Journal’s Elizabeth Blosfield caught up with two insurers – RPS and Beazley – who were early players in the cyber insurance space to reflect on the beginnings of cyber coverage and discuss how the industry has matured since then. EP 11 – What the ‘New Normal’ Means for Cyber Insurers, Coverage With increased reliance on technology, new work environments and greater use of at-home devices and networks in some cases, experts say cyber risks have grown as criminals find ways to exploit user data and gain access to passwords and systems. As a partial return to normal is sought by many, however, increased cyber risks due to the COVID-19 driven work from home environment are likely here to stay.

“This is an active threat still developing and we urge network operators to take it very seriously,” a White House official said, adding that top U.S. security officials were working to decide what next steps to take following the breach.

CNN separately reported the Biden administration was forming a task force to address the hack. The White House official, in a statement, said the administration was making “a whole of government response.”

Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom: Bloomberg

Bloomberg reported Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers in May, contradicting earlier reports that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.

The company paid the hefty ransom in untraceable cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.

Ransomware Has Been a ‘Game Changer’ for Cyber Insurance

Anyone who works in cyber insurance knows that the industry is never static. It’s a constantly evolving business as the risks change all the time, and this has never been more apparent than right now, said panelists for Insurance Journal’s August webinar – Cyber Insurance: Is This the Beginning, Middle or End?

“The game changer,” said Justin Herring, executive deputy superintendent at the New York State Department of Financial Services (DFS), “has been ransomware.”

A spate of attacks in 2021 have been of particular concern among U.S. government officials, as they’ve been attributed to cybercriminals operating from Russia, Insurance Journal previously reported. There was the hack last year in which Russian military cyber criminals sabotaged computer code within a software called SolarWinds. Now, a July ransomware attack has made its way to the center of the conversation, in which the Florida information technology firm Kaseya saw its management system hacked. REvil, a Russia-linked cybercrime syndicate, took credit for the breach.

In June, REvil extorted an $11 million ransom out of meatpacker JBS after compromising its supply chain. Earlier this year, in May, an intrusion by another Russia-linked group at U.S. fuel transporter Colonial Pipeline led to the shutdown of 5,500 miles of critical infrastructure, causing panic buying and gas shortages all along the East coast.

Insurers Cut Their Appetite for Cyber Cover as Ransomware Losses Mount

Insurers have halved the amount of cyber cover they provide to customers after the pandemic and home-working drove a surge in ransomware attacks that left them smarting from hefty payouts, Reuters reported in November.

Faced with increased demand, major European and U.S. insurers and syndicates operating in the Lloyd’s of London market have been able to charge higher premium rates to cover ransoms, the repair of hacked networks, business interruption losses and even PR fees to mend reputational damage.

But the increase in ransomware attacks and the growing sophistication of attackers have made insurers wary. Insurers say some attackers may even check whether potential victims have policies that would make them more likely to pay out.

5 Ways Cyber Business Interruption Differs from Traditional Business Interruption: RIMS

While a typical business interruption can often be a confusing insurance situation, the picture gets even muddier when it involves cyber coverage.

Chris Mortifoglio, a forensic accountant, knows all too well how muddy it can become.

“I will tell you that in my experience business interruption is often the most misunderstood part of property coverage. Part of that has to do with the fact that it can be very subjective. If you have 10 accounts looking at the same set of financial data, you’ll oftentimes receive 10 different calculations or estimates of what a business interruption loss might be,” said Mortifoglio, who has been dealing with business interruption exposure assessments and claims for more than a decade as the director of forensic accounting at Procor Solutions and Consulting in New York.

According to Mortifoglio, who is a Certified Public Accountant and a Certified Fraud Examiner (CFE), understanding the “nuances and differences” of a cyber insurance business interruption exposure or claim situation compared to a traditional one is more important now than ever.

What Insurance Firms Promised at White House Cybersecurity Summit

Four insurance firms — Travelers, Coalition, Resilience Cyber Solutions and Vantage Group— were among the participants in the White House summit on cybersecurity along with giant technology firms and Biden Administration officials.

The aim was to discuss how these groups can work more closely together to improve the nation’s cybersecurity, particularly as U.S. public and private sector entities increasingly face cyber attacks.

Chris Finan, chief operating officer at ActZero, an artificial intelligence-driven cybersecurity start-up, and former director for cybersecurity legislation and policy on the National Security Council staff in the White House during the Obama Administration, and Joshua Motta, CEO and co-founder of cyber insurance and security provider Coalition, discussed what the summit means for the insurance industry in an October episode of The Insuring Cyber Podcast.

“The federal government can’t meet this challenge alone,” President Joe Biden told the executives at the summit. “You have the power, the capacity and the responsibility, I believe, to raise the bar on cybersecurity.”