Advisen FPN

Advisen Cyber FPN - Wednesday, March 31, 2021

Long tail for the 'thousands' of claims that may result from Microsoft Exchange hack


By Erin Ayers, Advisen

Insurers may see significant claims stemming from the recent breach of a popular Microsoft email service, with U.S.-based businesses and larger organizations around the world most at risk, according to an analysis from CyberCube.

Earlier this month, Microsoft reported that state-sponsored hackers exploited four zero-day vulnerabilities in the tech giant’s Exchange Service, creating backdoor access into tens of thousands of servers around the world. Since then, security researchers estimate that up to 10 different threat actors around the world have taken advantage of the hack to carry out ransomware, espionage, and other attacks.

“The insurance industry is only just beginning to understand the scope of possible damage. It is too early to calculate potential losses from the theft of a corporation’s intellectual property. These kinds of data breaches could have delayed -- but long-lasting -- impacts on commercial competitiveness,” said William Altman, cybersecurity consultant at CyberCube and one of the report’s authors, predicting a “long-tail of attritional claims” from the event.

Companies affected by malicious code will need to fully investigate their networks to eliminate any chance for unauthorized access, according to the report. Microsoft has issued patches for the vulnerabilities, but as CyberCube noted, “Patching is not always as simple as pushing an update button.”

“(Re)insurers could be on the hook for third-party breach investigation and incident response claims from thousands of companies as they investigate for indicators of compromise and the presence of web shells,” said CyberCube.

U.S. organizations are more likely to have been using Microsoft Exchange servers, according to the report. Most smaller and mid-size firms opt for cloud-based email, which was not affected. CyberCube also estimated that larger organizations around the world are at risk, particularly in Germany, Africa, the Middle East, and the Australia-Asia region.

“An accumulation of loss could result in multiple – theoretically, tens of thousands – of companies making insurance claims to cover investigation, legal, business interruption and possible regulatory fines,” said CyberCube, adding, “Large-scale cyber events that create risk aggregation issues for (re)insurers are becoming more familiar. From WannaCry and NotPetya in 2017, to SolarWinds in 2020, and now Microsoft Exchange in 2021, the potential for a single cyber attack to cause widespread and catastrophic damage is now undeniable.”

Editor Erin Ayers can be reached at
