Analysts Affirm CNA Ratings As Insurer Continues Probe of Cyber Attack

CNA Financial Corp.’s financial ratings have not been affected by the insurer’s recent cyber attack.

AM Best, S&P Global Ratings and Fitch Ratings all affirmed their current ratings and outlooks for CNA and its subsidiaries and said they believe the attack has not yet had a material effect.

On March 24, commercial lines insurer CNA reported that it had sustained a “sophisticated cybersecurity attack” that caused a network disruption and affected certain CNA systems, including corporate email.

Upon learning of the incident on March 21, the insurer said it immediately engaged forensic experts to investigate and determine the full scope of this incident. The company said it also disconnected its systems from its network and provided workarounds where possible to ensure employees can continue operating and serving policyholders. It has also created dedicated email inboxes for agents and claimants.

The investigation is ongoing and the cause and extent of the attack remain unknown. CNA’s systems remain disconnected.

Ratings Forms

S&P Global Ratings said that its A+ and Stable ratings on CNA Financial Corp .and its subsidiaries are unaffected by the insurer’s recent cybersecurity incident.

S&P said it thinks the incident is “largely contained” following the disconnecting of its enterprise-wide system,

“We think the company’s remedial actions–including communicating with employees, customers, brokers/agents, and regulators–mitigated our concern about its brand reputation and competitive position,” S&P said.

The insurer is able to absorb potential financial consequences resulting from the breach through its cyber insurance coverage, according to S&P.

“We will continue to follow the impact of the cyberattack. At this time, we believe the incident does not affect the company’s business and financial metrics,” the announcement stated.

Ratings agency AM Best commented that its CNA ratings also remain unchanged.

“Based on the information available as of today, AM Best believes that the company is working diligently through this matter with its team and third-party providers,” AM Best said in. a statement.

AM Best said it “currently believes that the disruption caused by the cyberattack has not reached a level that is material to the credit profile of the enterprise.”

AM Best added that it recognizes that the “situation remains highly fluid” and it will “continue to monitor developments closely for indications that the incident has damaged the company’s ability to conduct business, eroded its reputation and favorable standing in the markets it serves or results in a change in AM Best’s view of the company’s enterprise risk management assessment, which it currently views as appropriate.”

Fitch Ratings also said it sees no Immediate impact on CNA’s ratings related to the cyber attack.

Fitch noted that insurance companies can be “valuable targets to cyber criminals” as they have personal identifiable information, health information, payment data, or intellectual property. Cyber insurance underwriters’ also have customer lists and cyber policy limits.

Fitch said it will monitor for any “potential financial, operational, and reputational effects” as this event is resolved. It added that it views future negative rating implications as “unlikely, but cannot be completely ruled out given uncertainty of the duration of the event and ultimate outcomes.”

Fitch Ratings is maintaining its CNA’s senior debt ratings at ‘BBB+’ and operating subsidiaries have an ‘A+’ Insurer Financial Strength (IFS) ratings with a Stable Outlook on all ratings.