MS Exchange cyberattack could release a deluge of claims

Claims from the attacks are expected to focus on legal, forensic and clean-up costs.

Companies in North America face the greatest risk exposures from the attacks, according to the cyber analytics specialist, as U.S. organizations are more likely to be using the affected Microsoft servers.

The insurance and reinsurance industries are likely to see a “long-tail of attritional claims” stemming from a series of cyberattacks on MS Exchange, Microsoft’s best-selling email service, according to cyber analytics firm CyberCube. The associated claims are likely to focus on legal, forensic and clean-up costs.

The attacks, which are thought to stem from Chinese state-sponsored hackers, exploit vulnerabilities on Exchange servers with the intent of placing malicious code. The codes can then be used in ransomware schemes, espionage or even to take over a system’s resources to mine for cryptocurrency, CyberCube reported. Researchers believe that 10 “advanced persistent threat actors” globally are now actively exploiting the code used in this attack.

Although the true scope of the attacks is yet to be determined, cybersecurity expert Brian Krebs estimated that roughly 30,000 organizations in the U.S. have been hacked thus far, while Bloomberg put the count closer to 60,000.

“The insurance industry is only just beginning to understand the scope of possible damage. It is too early to calculate potential losses from the theft of a corporation’s intellectual property,” William Altman, cybersecurity consultant at CyberCube, said in a release. “An accumulation of loss could result in multiple — theoretically, tens of thousands — of companies making insurance claims to cover investigation, legal, business interruption and possible regulatory fines. There is still the ongoing possibility that even more attackers will launch ransomware or other types of destructive cyberattacks.”

Only MS Exchange versions from 2013-2019 are considered vulnerable to the attacks, according to CyberCube, which noted Microsoft is releasing patches for legacy versions.

North American companies, multinationals most at risk

Additionally, Germany, Africa, Middle East and Australasia have also been deemed high-risk regions, according to CyberCube.

Mid- to large-size multinationals ($250 million-plus in revenue) are also facing an increasing risk, as these organizations tended to leverage MS Exchange servers before enterprise cloud computing became widely embraced. However, this is also leading small businesses to be viewed as less impacted by the incident as they tend to leverage cloud-based email systems.

Although small businesses might be insulated from this event, recent research shows that the sector, along with mid-sized organizations, will propel the cyber insurance market moving forward.

Rise of state actors

While hacking is often associated with lone wolves out for personal enrichment, nation-states are becoming more proficient and aggressive, according to retired Admiral Michael S. Rogers, former director of the National Security Agency and commander of U.S. Cyber Command.

“We went through a period between about 2011 and 2017, during which nation-states increased levels of activity,” Rogers said during a NetDiligence webinar. “This includes the NotPetya hits in the summer of 2017, probably the largest global event we’ve ever seen. And after that, given its repercussions, there seems to have been a bit of a step back.”

In supporting this finding, Rogers pointed to the 2020 SolarWinds event as well as the more recent MS Exchange breaches.

Additionally, Rogers noted traditional approaches to cybersecurity are semi-redundant for those people who transitioned to remote-work arrangements during the pandemic as infrastructure is now shared with family.

“We’re not all sitting behind a central security stack right now. Now we’re dispersed,” he explained. “We’ve blurred the lines between what is ‘business infrastructure’ and what is ‘personal infrastructure.’ The bottom line is the attack surface has just proliferated as a result.”

Get a Cyber Quote today!

Specific Technologies Driving Insurtech Investment in 2024

Understanding the Funding Decline The decrease in funding does not necessarily spell trouble for the insurance sector but instead highlights a strategic shift, the report suggests. “The insurance industry, like many sectors, is focusing on the most promising ventures with substantial insurance potential,” the report explains. “Insurers are directing their investments toward key areas and current trends such as embedded insurance, employee benefits, and cyber risk management. This strategic investment approach signals a forward-looking mindset within the industry.” Three Key Insurtech Trends for 2024 The report identifies three major trends shaping insurtech investments in 2024: Public Insurtech Companies: Financial and Growth Strategies The report also notes that public insurtech companies are prioritizing revenue growth as their main goal. These firms are restructuring their financial strategies to boost cash flow and capitalize on rising revenue streams. Their growth prospects are supported by expanding asset portfolios and strong market demand. “Public insurtech companies are focusing on revenue growth and optimizing their financial frameworks to increase cash flow,” the report states. “The growth potential for these companies is driven by increasing revenue opportunities, broadening asset bases, and a robust market for their services.” In summary, while global insurtech funding saw a decline in 2023, the industry’s focus on GenAI, digital process management, and connected insurance technologies is setting the stage for a dynamic and forward-looking 2024.

Business

Insurer Secures Unanimous Supreme Court Victory in New York Choice of Law Dispute

In the world of sports, a clean sweep, a shutout, or a perfect game is the ultimate achievement. In the legal arena, a unanimous decision from the U.S. Supreme Court is equally rare and significant. In a notable legal triumph, Great Lakes Insurance SE achieved a unanimous 9-0 victory in the Supreme Court on February 21, 2024. This victory follows a protracted legal battle that began in the District Court of Pennsylvania, advanced to the U.S. Court of Appeals for the Third Circuit, and culminated in the Supreme Court’s decisive ruling. Background of the Case: Great Lakes Insurance SE v. Raiders Retreat Realty Company The heart of the dispute was the insurance contract’s clause selecting New York law to govern any future legal conflicts. Although the financial implications of this case were relatively minor compared to the broader marine insurance industry, the insurer’s determination to uphold a crucial maritime legal principle has significant long-term implications for marine insurance. Faced with the insured’s counterclaims—including allegations of breach of fiduciary duty, insurance bad faith, and violations of Pennsylvania’s Unfair Trade Practices Law—the insurer was confronted with serious risks. Such claims could lead to the shifting of attorney’s fees, treble damages, and more, which might normally encourage insurers to settle rather than risk pursuing justice. However, Great Lakes Insurance, supported by The Goldman Maritime Law Group, opted to challenge the Third Circuit’s decision and seek clarity from the Supreme Court. Supreme Court Ruling: A Landmark Decision In a landmark ruling, Justice Brett Kavanaugh affirmed that choice of law provisions in maritime contracts should be upheld by default. This ruling is a major victory for establishing a consistent federal standard in maritime law and avoiding a patchwork of state laws that could complicate marine insurance disputes. The Supreme Court’s decision overturned the Third Circuit’s earlier judgment, which had questioned whether Pennsylvania’s public policy concerns might override the insurance contract’s choice of New York law. By upholding the New York choice of law clause, the Supreme Court eliminated the extra-contractual bad faith claims under Pennsylvania law, thereby ensuring that the dispute could be resolved based on the merits of the insurance claim itself. Significance of the Supreme Court’s Decision This ruling represents a significant advancement in maritime law, affirming that choice of law clauses in maritime contracts are generally enforceable. The decision establishes a clear, uniform legal framework for resolving maritime contract disputes, which will streamline the process and ensure fair adjudication of future insurance claims. Justice Clarence Thomas’s concurring opinion was particularly notable for its criticism of the 1955 Wilburn Boat v. Fireman’s Fund Insurance decision, which had previously influenced maritime insurance law. Thomas argued that Wilburn Boat was incorrectly decided and stressed that a uniform and enforceable set of rules is essential for the development of maritime law. Impact on the Marine Insurance Industry The Supreme Court’s decision sets a “bright-line” rule affirming that choice of law clauses are valid unless there is a strong argument against the selected jurisdiction. By endorsing New York’s insurance laws as a reasonable choice, the ruling supports a more consistent and predictable legal environment for marine insurers. This decision represents a major step forward in maritime law, helping insurers better assess risks, determine premiums, and ensure fair and efficient resolution of maritime insurance disputes.

MS Exchange cyberattack could release a deluge of claims