In response to a “sophisticated cybersecurity attack”, CNA Insurance has taken all of its systems offline, including its website. According to the company website, which is now just one page, the attack, which other outlets have described as a novel ransomware attack, caused a network disruption and even reached the corporate email system.
As outlined in our latest 2021 NAIC Market Share Report, CNA is currently the 14th largest P&C Insurer in the U.S. with $11,746,819,856 in Direct Written Premiums, $11,081,774,633 in earned premiums representing a 1.62% market share.
The following is a screenshot of what the CNA website looked like as of Monday, March 29, 2021:
AM Best comments on the situation
In the wake of the drastic actions taken by one of the nations largest insurers, AM issued the following statement on March 26th:
AM Best has commented that the Credit Ratings (ratings) of CNA Financial Corporation(CNAF) [NYSE:CNA] and its insurance subsidiaries remain unchanged following the company’s disclosure that it sustained a sophisticated cybersecurity attack that caused a network disruption and impacted certain CNAF systems, including corporate email. The outlook of these ratings is stable.
Based on the information available as of today, AM Best believes that the company is working diligently through this matter with its team and third-party providers. Immediately after learning of the alleged information security incident, the company took steps to mitigate potential damage and take control of the situation by disconnecting its operating systems from its network, which continues to function. As part of its continuity plan, CNAF has implemented workarounds where possible to ensure that employees can continue to execute critical functions until systems are restored.
AM Best currently believes that the disruption caused by the cyberattack has not reached a level that is material to the credit profile of the enterprise. However, AM Best recognizes that the situation remains highly fluid and will continue to monitor developments closely for indications that the incident has damaged the company’s ability to conduct business, eroded its reputation and favorable standing in the markets it serves or results in a change in AM Best’s view of the company’s enterprise risk management assessment, which it currently views as appropriate.