MS Exchange cyberattack could release a deluge of claims

pexels-mohamed-almari-1454253

MS Exchange cyberattack could release a deluge of claims

Claims from the attacks are expected to focus on legal, forensic and clean-up costs.

Companies in North America face the greatest risk exposures from the attacks, according to the cyber analytics specialist, as U.S. organizations are more likely to be using the affected Microsoft servers.

The insurance and reinsurance industries are likely to see a “long-tail of attritional claims” stemming from a series of cyberattacks on MS Exchange, Microsoft’s best-selling email service, according to cyber analytics firm CyberCube. The associated claims are likely to focus on legal, forensic and clean-up costs.

The attacks, which are thought to stem from Chinese state-sponsored hackers, exploit vulnerabilities on Exchange servers with the intent of placing malicious code. The codes can then be used in ransomware schemes, espionage or even to take over a system’s resources to mine for cryptocurrency, CyberCube reported. Researchers believe that 10 “advanced persistent threat actors” globally are now actively exploiting the code used in this attack.

Although the true scope of the attacks is yet to be determined, cybersecurity expert Brian Krebs estimated that roughly 30,000 organizations in the U.S. have been hacked thus far, while Bloomberg put the count closer to 60,000.

“The insurance industry is only just beginning to understand the scope of possible damage. It is too early to calculate potential losses from the theft of a corporation’s intellectual property,” William Altman, cybersecurity consultant at CyberCube, said in a release. “An accumulation of loss could result in multiple — theoretically, tens of thousands — of companies making insurance claims to cover investigation, legal, business interruption and possible regulatory fines. There is still the ongoing possibility that even more attackers will launch ransomware or other types of destructive cyberattacks.”

Only MS Exchange versions from 2013-2019 are considered vulnerable to the attacks, according to CyberCube, which noted Microsoft is releasing patches for legacy versions.

North American companies, multinationals most at risk

Companies in North America face the greatest risk exposures from the attacks, according to the cyber analytics specialist, as U.S. organizations are more likely to be using the affected Microsoft servers. Roughly 80% of MS Exchange customers are based in the U.S.

Additionally, Germany, Africa, Middle East and Australasia have also been deemed high-risk regions, according to CyberCube.

Mid- to large-size multinationals ($250 million-plus in revenue) are also facing an increasing risk, as these organizations tended to leverage MS Exchange servers before enterprise cloud computing became widely embraced. However, this is also leading small businesses to be viewed as less impacted by the incident as they tend to leverage cloud-based email systems.

Although small businesses might be insulated from this event, recent research shows that the sector, along with mid-sized organizations, will propel the cyber insurance market moving forward.

Rise of state actors

While hacking is often associated with lone wolves out for personal enrichment, nation-states are becoming more proficient and aggressive, according to retired Admiral Michael S. Rogers, former director of the National Security Agency and commander of U.S. Cyber Command.

“We went through a period between about 2011 and 2017, during which nation-states increased levels of activity,” Rogers said during a NetDiligence webinar. “This includes the NotPetya hits in the summer of 2017, probably the largest global event we’ve ever seen. And after that, given its repercussions, there seems to have been a bit of a step back.”

In supporting this finding, Rogers pointed to the 2020 SolarWinds event as well as the more recent MS Exchange breaches.

Additionally, Rogers noted traditional approaches to cybersecurity are semi-redundant for those people who transitioned to remote-work arrangements during the pandemic as infrastructure is now shared with family.

“We’re not all sitting behind a central security stack right now. Now we’re dispersed,” he explained. “We’ve blurred the lines between what is ‘business infrastructure’ and what is ‘personal infrastructure.’ The bottom line is the attack surface has just proliferated as a result.”

Get a Cyber Quote today!

Leave a Reply

Your email address will not be published. Required fields are marked *

Related posts

Audits

Insurance Mergers and Acquisitions Hold Steady in 2024

Despite a slight decline in overall insurance M&A activity, the industry remains at pre-pandemic transaction levels, signaling a resilient and evolving marketplace. According to a recent OPTIS Partners report, 750 insurance agency mergers and acquisitions were announced in 2024, a 10% drop from the 833 recorded in 2023. However, activity picked up in the latter half of the year, with a 21% increase over the first half, demonstrating sustained investor confidence. “The M&A market remains stable, with no rush to close year-end deals for the second consecutive year,” said Tim Cunningham, managing partner of OPTIS Partners. “We anticipate more large-scale transactions in the next 12 to 24 months, as firms continue to seek growth through strategic acquisitions.” What This Means for Skyscraper Insurance At Skyscraper Insurance, we understand the impact of these market shifts and remain committed to delivering top-tier risk management solutions. As industry giants consolidate, we continue to prioritize personalized service, innovative coverage solutions, and strategic growth to better serve our clients. Key 2024 Transactions ✅ AON Acquires NFP – AON completed a $13 billion deal to acquire NFP, a firm with $2.2 billion in revenue.✅ Marsh McLennan Expands with McGriff Insurance Services – A $7.75 billion acquisition strengthens Marsh’s footprint.✅ Arthur J. Gallagher Secures AssuredPartners – A $13.45 billion agreement set to finalize in early 2025. As major players reshape the landscape, Skyscraper Insurance remains a trusted partner for businesses navigating today’s complex risk environment. Our expertise in risk management and tailored insurance solutions ensures that clients continue to receive industry-leading protection. #WeShareYourVisionForABetterTomorrow#SkyscraperInsurance #RiskManagement #MergersAndAcquisitions #InsuranceIndustry

Read More
Technology

13 Ways AI Moves Insurance Marketing Forward

As professionals in the insurance industry, we at Skyscraper Insurance understand the allure of innovation. Much like a classic car enthusiast admires shiny, powerful machines, we embrace the transformative power of technology—especially when artificial intelligence (AI) drives forward insurance marketing. AI is not just a buzzword; it represents a monumental leap in marketing capabilities. But with this powerful tool, we must ask: Are we ready to harness its full potential responsibly? AI promises to revolutionize marketing, elevating our strategies from traditional methods to cutting-edge, data-driven practices. By understanding where and how to apply AI, Skyscraper Insurance aims to refine our marketing campaigns and achieve unparalleled success. The Enduring Value of Traditional Marketing Classic marketing methods—relationship-building, personalized service, and human intuition—remain integral to insurance. Strategies like direct mail, in-person networking, and grassroots campaigns resonate deeply within our industry. However, these approaches, much like vintage cars, can be labor-intensive and lack the scalability and efficiency of modern methods. To stay competitive, traditional marketing must evolve. By integrating digital tools into classic strategies, we can modernize our outreach while retaining its personal touch. At Skyscraper Insurance, we blend time-tested methods with advanced metrics, ensuring our campaigns are both effective and enduring. How AI Powers Precision in Marketing AI introduces unparalleled precision and efficiency into insurance marketing. Think of it as the most advanced smart vehicle—equipped with adaptive technology that enhances every journey. With AI, Skyscraper Insurance can: These tools allow us to navigate marketing challenges with the confidence of a self-driving system, ensuring smarter and safer campaigns. The Evolution of SEO Through AI AI is reshaping search engine optimization (SEO), enhancing traditional practices with cutting-edge capabilities: By integrating AI into SEO strategies, Skyscraper Insurance ensures our content remains visible and relevant in an ever-changing digital landscape. Adapting for AI Platforms As AI platforms like ChatGPT redefine content discovery, we focus on: Balancing traditional SEO with AI-driven strategies keeps our content effective across diverse platforms. Finding Harmony Between Tradition and Innovation At Skyscraper Insurance, we believe in blending the best of traditional marketing with the advancements of AI. Just as a classic car enthusiast might upgrade their vehicle without losing its charm, we integrate AI to enhance human relationships and intuition. Driving Forward With Confidence As we navigate the future of insurance marketing, Skyscraper Insurance combines the reliability of traditional methods with the innovation of AI. This dual approach ensures we stay ahead in delivering exceptional service and tailored solutions to our clients. Whether fine-tuning classic strategies or adopting AI-powered tools, we’re committed to helping you achieve your goals with precision and care. At Skyscraper Insurance, #WeShareYourVisionForABetterTomorrow.

Read More
Try your instant quote