
MS Exchange cyberattack could release a deluge of claims


Claims from the attacks are expected to focus on legal, forensic and clean-up costs.


The insurance and reinsurance industries are likely to see a “long-tail of attritional claims” stemming from a series of cyberattacks on MS Exchange, Microsoft’s best-selling email service, according to cyber analytics firm CyberCube. The associated claims are likely to focus on legal, forensic and clean-up costs.

The attacks, which are thought to stem from Chinese state-sponsored hackers, exploit vulnerabilities on Exchange servers with the intent of placing malicious code. That code can then be used in ransomware schemes, espionage or even to take over a system’s resources to mine for cryptocurrency, CyberCube reported. Researchers believe that 10 “advanced persistent threat actors” globally are now actively exploiting the code used in this attack.

Although the true scope of the attacks is yet to be determined, cybersecurity expert Brian Krebs estimated that roughly 30,000 organizations in the U.S. have been hacked thus far, while Bloomberg put the count closer to 60,000.

“The insurance industry is only just beginning to understand the scope of possible damage. It is too early to calculate potential losses from the theft of a corporation’s intellectual property,” William Altman, cybersecurity consultant at CyberCube, said in a release. “An accumulation of loss could result in multiple — theoretically, tens of thousands — of companies making insurance claims to cover investigation, legal, business interruption and possible regulatory fines. There is still the ongoing possibility that even more attackers will launch ransomware or other types of destructive cyberattacks.”

Only MS Exchange versions from 2013-2019 are considered vulnerable to the attacks, according to CyberCube, which noted Microsoft is releasing patches for legacy versions.

North American companies, multinationals most at risk

Companies in North America face the greatest risk exposures from the attacks, according to the cyber analytics specialist, as U.S. organizations are more likely to be using the affected Microsoft servers. Roughly 80% of MS Exchange customers are based in the U.S.

Germany, Africa, the Middle East and Australasia have also been deemed high-risk regions, according to CyberCube.

Mid- to large-size multinationals ($250 million-plus in revenue) are also facing an increasing risk, as these organizations tended to leverage MS Exchange servers before enterprise cloud computing became widely embraced. Small businesses, by contrast, are viewed as less impacted by the incident because they tend to leverage cloud-based email systems.

Although small businesses might be insulated from this event, recent research shows that the sector, along with mid-sized organizations, will propel the cyber insurance market moving forward.

Rise of state actors

While hacking is often associated with lone wolves out for personal enrichment, nation-states are becoming more proficient and aggressive, according to retired Admiral Michael S. Rogers, former director of the National Security Agency and commander of U.S. Cyber Command.

“We went through a period between about 2011 and 2017, during which nation-states increased levels of activity,” Rogers said during a NetDiligence webinar. “This includes the NotPetya hits in the summer of 2017, probably the largest global event we’ve ever seen. And after that, given its repercussions, there seems to have been a bit of a step back.”

In supporting this finding, Rogers pointed to the 2020 SolarWinds event as well as the more recent MS Exchange breaches.

Additionally, Rogers noted that traditional approaches to cybersecurity are semi-redundant for people who transitioned to remote-work arrangements during the pandemic, as infrastructure is now shared with family.

“We’re not all sitting behind a central security stack right now. Now we’re dispersed,” he explained. “We’ve blurred the lines between what is ‘business infrastructure’ and what is ‘personal infrastructure.’ The bottom line is the attack surface has just proliferated as a result.”
