Two week after suffering a “sophisticated cybersecurity attack”, CNA Insurance has restored its online services and website. The sophisticated attack, which CNA has since confirmed was a ransomware attack saw one of the top 25 P&C insurers in the United States forced to take all of its operations offline, including corporate email.
In addition to contacting law enforcement, the company is continuing its own investigation into the matter but believes that as of April 1, 2021, the attack has been successfully contained. While the company has not returned to full normal operations, it has confirmed that it is safe to conduct business with CNA and to communicate with the company via email.
As outlined in our latest 2021 NAIC Market Share Report, CNA is currently the 14th largest P&C Insurer in the U.S. with $11,746,819,856 in Direct Written Premiums, $11,081,774,633 in earned premiums representing a 1.62% market share.
The following is a screenshot of what the CNA website looked like as of Monday, March 29, 2021:
Welcome back to CNA.com
As of this week, the company’s website is now live. The following is a screenshot of the homepage:
The company also published the following update:
On March 21, 2021, CNA determined that it sustained a sophisticated cybersecurity attack. The attack caused a network disruption and impacted certain CNA systems.
Upon learning of the incident, we immediately engaged a team of third-party forensic experts to investigate and determine the full scope of this incident, which is ongoing. We have notified law enforcement and are cooperating with them as they conduct their own investigation.
Out of an abundance of caution, we took immediate action by proactively disconnecting our systems from our network. We’ve notified employees and provided workarounds where possible to ensure they can continue operating and serving the needs of our insureds and policyholders to the best of their ability.
We are well into the restoration phase and making significant progress across our internal systems to safely return our environment to a fully operational state. Importantly, we have restored corporate email and have brought the CNA.com website back online. We expect the restoration of additional critical functions to proceed in the near future and will continue to update employees and stakeholders as information becomes available.
The security of our data and that of our insureds and other stakeholders is of the utmost importance to us. Should we determine that this incident impacted our insureds’ or policyholders’ data, we’ll notify those parties directly.
AM Best comments on the situation
In the wake of the drastic actions taken by one of the nations largest insurers, AM issued the following statement on March 26th:
AM Best has commented that the Credit Ratings (ratings) of CNA Financial Corporation(CNAF) [NYSE:CNA] and its insurance subsidiaries remain unchanged following the company’s disclosure that it sustained a sophisticated cybersecurity attack that caused a network disruption and impacted certain CNAF systems, including corporate email. The outlook of these ratings is stable.
Based on the information available as of today, AM Best believes that the company is working diligently through this matter with its team and third-party providers. Immediately after learning of the alleged information security incident, the company took steps to mitigate potential damage and take control of the situation by disconnecting its operating systems from its network, which continues to function. As part of its continuity plan, CNAF has implemented workarounds where possible to ensure that employees can continue to execute critical functions until systems are restored.
AM Best currently believes that the disruption caused by the cyberattack has not reached a level that is material to the credit profile of the enterprise. However, AM Best recognizes that the situation remains highly fluid and will continue to monitor developments closely for indications that the incident has damaged the company’s ability to conduct business, eroded its reputation and favorable standing in the markets it serves or results in a change in AM Best’s view of the company’s enterprise risk management assessment, which it currently views as appropriate.
