Search
Close this search box.
Request a quote

MS Exchange cyberattack could release a deluge of claims

pexels-mohamed-almari-1454253

MS Exchange cyberattack could release a deluge of claims

Claims from the attacks are expected to focus on legal, forensic and clean-up costs.

Companies in North America face the greatest risk exposures from the attacks, according to the cyber analytics specialist, as U.S. organizations are more likely to be using the affected Microsoft servers.

The insurance and reinsurance industries are likely to see a “long-tail of attritional claims” stemming from a series of cyberattacks on MS Exchange, Microsoft’s best-selling email service, according to cyber analytics firm CyberCube. The associated claims are likely to focus on legal, forensic and clean-up costs.

The attacks, which are thought to stem from Chinese state-sponsored hackers, exploit vulnerabilities on Exchange servers with the intent of placing malicious code. The codes can then be used in ransomware schemes, espionage or even to take over a system’s resources to mine for cryptocurrency, CyberCube reported. Researchers believe that 10 “advanced persistent threat actors” globally are now actively exploiting the code used in this attack.

Although the true scope of the attacks is yet to be determined, cybersecurity expert Brian Krebs estimated that roughly 30,000 organizations in the U.S. have been hacked thus far, while Bloomberg put the count closer to 60,000.

“The insurance industry is only just beginning to understand the scope of possible damage. It is too early to calculate potential losses from the theft of a corporation’s intellectual property,” William Altman, cybersecurity consultant at CyberCube, said in a release. “An accumulation of loss could result in multiple — theoretically, tens of thousands — of companies making insurance claims to cover investigation, legal, business interruption and possible regulatory fines. There is still the ongoing possibility that even more attackers will launch ransomware or other types of destructive cyberattacks.”

Only MS Exchange versions from 2013-2019 are considered vulnerable to the attacks, according to CyberCube, which noted Microsoft is releasing patches for legacy versions.

North American companies, multinationals most at risk

Companies in North America face the greatest risk exposures from the attacks, according to the cyber analytics specialist, as U.S. organizations are more likely to be using the affected Microsoft servers. Roughly 80% of MS Exchange customers are based in the U.S.

Additionally, Germany, Africa, Middle East and Australasia have also been deemed high-risk regions, according to CyberCube.

Mid- to large-size multinationals ($250 million-plus in revenue) are also facing an increasing risk, as these organizations tended to leverage MS Exchange servers before enterprise cloud computing became widely embraced. However, this is also leading small businesses to be viewed as less impacted by the incident as they tend to leverage cloud-based email systems.

Although small businesses might be insulated from this event, recent research shows that the sector, along with mid-sized organizations, will propel the cyber insurance market moving forward.

Rise of state actors

While hacking is often associated with lone wolves out for personal enrichment, nation-states are becoming more proficient and aggressive, according to retired Admiral Michael S. Rogers, former director of the National Security Agency and commander of U.S. Cyber Command.

“We went through a period between about 2011 and 2017, during which nation-states increased levels of activity,” Rogers said during a NetDiligence webinar. “This includes the NotPetya hits in the summer of 2017, probably the largest global event we’ve ever seen. And after that, given its repercussions, there seems to have been a bit of a step back.”

In supporting this finding, Rogers pointed to the 2020 SolarWinds event as well as the more recent MS Exchange breaches.

Additionally, Rogers noted traditional approaches to cybersecurity are semi-redundant for those people who transitioned to remote-work arrangements during the pandemic as infrastructure is now shared with family.

“We’re not all sitting behind a central security stack right now. Now we’re dispersed,” he explained. “We’ve blurred the lines between what is ‘business infrastructure’ and what is ‘personal infrastructure.’ The bottom line is the attack surface has just proliferated as a result.”

Get a Cyber Quote today!

Leave a Reply

Your email address will not be published. Required fields are marked *

Related posts
Commercial Auto

Around the P&C Insurance Industry: November 20, 2024

Porsche Auto Insurance:Launched an unlimited insurance product for high-mileage Porsche owners driving over 10,000 miles annually. This complements their pay-per-mile policies, allowing owners to choose fixed premiums or mileage-based options. Multiple vehicles on a single policy can also have mixed coverage. Safeco Insurance:Entered a book transfer agreement with Main Street America Insurance, enhancing its personal lines presence in 22 states. Main Street America is shifting focus to commercial lines, including commercial products and bonds. Resilient Cities Network & Tokio Marine Group:Partnered to bolster urban resilience projects. The collaboration supports the Resilience Finance Taskforce, helping cities globally scale investment strategies for resilience and climate adaptation. Skyward Specialty Insurance Group:Introduced life sciences liability coverage tailored for the life sciences industry, addressing risks such as medical liability, errors and omissions, and general liability. This strategic move supports the complex insurance needs of healthcare innovators. AAIS Partner Program:Welcomed Sproutr, offering AAIS members access to tools and services that streamline operations and foster growth in insurance processes. Duck Creek Technologies:Opened its second Center of Excellence in Warsaw, Poland, enhancing global customer service capabilities, particularly in Europe, the Middle East, Africa, and the Asia-Pacific regions. Liberty Mutual & Coursera:Launched an entry-level course, Insurance Sales Agent, to train learners in risk management, sales, and ethical practices, equipping them for careers in insurance sales. World Insurance Associates:Acquired United Counties Insurance Group of Old Bridge, NJ, expanding its regional operations. Previsico:Unveiled Instacasting, a flood mitigation solution using rainfall data for real-time surface water flood predictions, enabling faster and more precise response strategies.

Read More
COVID-19

Live Event Insurance: Navigating New Risks in a Post-Pandemic World

The surge in live events after COVID-19 has brought a new wave of challenges for venues. Whether hosting concerts, sports games, or festivals, ensuring adequate insurance coverage has become critical for managing increasing risks. Venue owners and operators must reevaluate their general liability and other insurance policies to safeguard against potential liabilities. The Risks Facing Entertainment Venues Imagine hosting a packed concert where pyrotechnics go awry or a brawl breaks out. These incidents can lead to lawsuits, legal fees, and insurance claims that could devastate your business if not adequately prepared. Proper coverage and legal risk management are the backbone of every successful venue. Tools for Managing Liability: Exculpatory Language To mitigate risks, venues often employ exculpatory language, such as disclaimers on tickets or websites. In New York, for example, these clauses can limit a venue’s liability for certain incidents, excluding cases of gross negligence. However, courts mandate that such language must be clear, bold, and conspicuous to be enforceable. Online ticket purchases further enhance risk management through clickwrap agreements. These agreements require customers to actively confirm their understanding of terms, adding another layer of legal protection. Understanding Assumption of Risk For recreational activities like concerts or sporting events, the doctrine of primary assumption of risk is another legal shield. It protects venues when attendees willingly accept inherent risks of the activity, such as injuries from a mosh pit. However, it does not cover negligence in venue maintenance or security lapses. Maximizing Insurance Coverage Given the complexities of live event liability, venue owners must ensure their insurance policies address all potential scenarios. Key steps include: Compliance and Risk Mitigation Under New York Insurance Law § 3420(d)(2), insurers are required to respond promptly to liability claims. Delays can result in waived defenses, placing greater responsibility on the insurer. Staying compliant with such laws is essential for efficient risk management. Preparing for the Unexpected The post-pandemic resurgence of live events highlights the importance of a robust risk management strategy. Regularly updating exculpatory language, reviewing contracts, and optimizing insurance coverage ensures venues are well-prepared to handle unforeseen challenges. At Skyscraper Insurance, we specialize in tailoring comprehensive insurance solutions for entertainment venues. From general liability to vendor contracts, our team can help you set the stage for success while managing risks effectively. Contact us today to learn more about protecting your venue and your business.

Read More
Categories
Try your instant quote
Click here to proceed