"Back in March, insurance firm CNA Hardy had much of its IT system
knocked out by a ransomware attack, and sensitive data stolen.
That’s not a good look for a firm that
sells cyber insurance.
And what’s also pretty ugly is that
Bloomberg reports that CNA chose to pay an eye-watering $40 million to the cybercrime gang that launched the ransomware attack.
Jeepers!
As security researcher Kevin Beaumont adroitly
points out on Twitter, it’s makes one raise an eyebrow at some of the things CNA Hardy has said in the past on the topic of ransomware.
“A ransomware attack can have a devastating impact on business. Developing a breach plan and knowing what steps to take in the event of an attack could help save a business.” – Brian Robb, CNA.
He’s not wrong.
(According to
his LinkedIn profile, Robb left CNA Hardy last month to start a job as head of cyber at a different insurance firm. One imagines it might have looked better on his resume if he had moved on before the ransomware attack occurred, but never mind. Timing is everything.)
Meanwhile, CNA Hardy says that all of its cyber policy holders automatically get something called
CNA CyberPrep. What’s that you ask?
CNA CyberPrep, built on nearly two decades of cyber insurance expertise, is a proactive program of cyber risk services developed by CNA Risk Control and CNA Cyber insurance underwriters in partnership with leading cybersecurity specialists. It is designed to aid CNA cyber policyholders in cyber threat identification, mitigation and response.
A cynic might suggest that if CNA cannot protect itself, then it’s unlikely it will be able to do the job for its clients."
Yes, you read that correctly. FORTY MILLION DOLLARS.
grahamcluley.com
CNA have a massive PR job on their hands to keep themselves viable it appears. I tried following the LinkedIn link in this article to see where Brian Robb, the former CNA man quoted in the article, moved to. It could just be that the LinkedIn link wasn't working when I tried it, or it could be that Brain Robb has decided it is time to lie low for a while and become LinkedOUT.