CNA’s quick response to a cybersecurity breach that disrupted its network has helped preserve the company’s brand and competitive position, Standard & Poor’s concluded in a recent assessment.

S&P said that the attack, discovered by the company on March 21, didn’t affect its ratings for the Chicago-based commercial property/casualty insurer.

“While the full extent of the breach is still being investigated, we think the incident is largely contained following the company’s immediate action by disconnecting its enterprise-wide system affected by the attack,” S&P said.

The ratings agency gave CNA credit for taking a number of remedial actions, including quick communication with its employees, customers, brokers, agents and regulators about the incident.

S&P argued that doing so mitigated its concern about the company’s “brand reputation and competitive position.”

CNA’s balance sheet and business status helps to reinforce its steadiness in the market even as it deals with a major cyber attack, S&P added.

“In addition to committing to extremely strong capital, CNA distinguishes itself by its market-leading position and diverse geographic spread and product offerings, including a sustainable market share in commercial property and professional liability,” S&P’s report pointed out. “The company has said it is able to absorb potential financial consequences resulting from the breach through its cyber insurance coverage.”

S&P added it will continue following the situation.

AM Best and Fitch Ratings also affirmed their current ratings and outlooks for CNA and its subsidiaries and said they believes the attack has not yet had a material effect.

CNA said it has brought in a third-party forensic expert to investigate what happened and also alerted law enforcement. As well, the insurer disconnected its systems from its network as a precaution, though it provided workarounds where possible so employees could continue operating and serve policyholders.

Its website remained disabled as of March 27, other than a home-page note explaining what happened, and how insureds and policyholders could deal with billing issues and report claims in the interim.

Source: Standard & Poor’s

*Material from an Insurance Journal CNA story was used for this piece.

Topics Cyber