Cyberinsurance firm CNA Financial was reportedly hit by a possible cyberattack. The company is one of the largest insurance providers in the U.S.
The company's website is experiencing widespread network disruptions and employee services have been down for more than three days. CNA says it was hit by a sophisticated cyberattack and has engaged a team of third-party forensic experts to investigate and determine the full scope of this incident, which is ongoing.
On its website, a banner reads, "On March 21, 2021, CNA determined that it sustained a sophisticated cybersecurity attack. The attack caused a network disruption and impacted certain CNA systems, including corporate email."
Out of an abundance of caution, the firm says, they have disconnected their systems from their networks. "We’ve notified employees and provided workarounds where possible to ensure they can continue operating and serving the needs of our insureds and policyholders to the best of their ability," the firm says.
If their internal investigation determines the incident impacted their insureds' or policyholders' data, the firm says they will notify their parties directly.
Isabelle Dumont, Vice President of Market Engagement at Cowbell Cyber, says, Insurance firms should obviously activate the breach coach and incident response resources they work closely with when helping their own clients during an incident so that these clients are immediately informed and supported with monitoring services."
Dumont adds, "Every business, regardless of industry, can be targeted and should apply security best practices. No business is immune. Working with a breach coach dedicated to cyber, and an experienced incident response team to understand the scope of the incident with the type and volume of data impacted, is paramount when a cyber incident occurs. This insight informs who has a negotiating advantage."