AXA’s APAC ransomware attack is a warning to all insurers

Branches of the insurance giant AXA in the APAC region have been the victims of a targeted ransomware attack that saw potentially 3TB of data stolen

Taking place on 15 May, the insurer’s operations in Hong Kong, Malaysia, the Philippines, and Thailand were affected. Meanwhile, its global websites were struck by a Distributed Denial of Service (DDoS) that made them inaccessible.

Initial reports of the attack emerged roughly 24 hours later on Sunday 16 May. A full report of the specifics have yet to be presented by AXA, but 3TB of sensitive data is said to have been seized by perpetrators using the ransomware Avaddon  - details seemingly confirmed by a dark web post seen by the Financial Times.

The stolen data supposedly included personal identification information, medical records, and claims history, among other things.

Cyber attacks: A persistent threat

Ironically, earlier in May, AXA had stated that it was purposefully halting the underwriting of cyber insurance policies that reimburse victims of online extortion. The logic, at least on the part of some officials, was that such actions actually incentivise cyber crime.

“The word to get out today is that, regarding ransomware, we don’t pay and we won’t pay,” said Paris’ cybercrime prosecutor Johanna Brousse at the time.

AXA’s misfortune also came shortly after hackers launched a cyber attack against Colonial Pipeline Company. The event caused local petrol shortages and the company was forced to pay the US$5m ransom, which it did using Bitcoin.

Clearly, the threat of large cyber attacks is not restricted to the insurance industry. However, the implications of AXA deciding against cyber insurance underwriting could have broader implications, particularly as global spending in the sector was previously estimated to reach $174.7bn by 2024.

Prevention is better than a cure 

Lior Div, CEO and Co-founder of Cybereason, weighed in on what the insurance industry should take from this event:

"Unfortunately, AXA is in the long line of companies suffering from a ransomware attack. While it will take some time to learn the specifics of this newest attack, it is important to remind everyone that ransomware attacks can be disrupted and stopped before they have a material impact on an organisation by using endpoint detection and remediation software.

“Cybereason strongly recommends against paying ransom demands as our recent research shows that more than half the companies that pay a ransom are hit a second time.”

The adage that ‘an ounce of prevention is worth a pound of cure’ appears to ring true. Insurers must instill cybersecurity at every level of corporate operations and culture. Failing to invest the time and money could ultimately be the most expensive mistake of all.

Share

Featured Articles

MoneyLIVE Summit 2024: Qover Talks Embedded Insurance

In attendance at MoneyLIVE Summit 2024, we spoke to Qover’s Chief Revenue Officer, Parker Crockford, on the rise of embedded insurance

Ansel raises US$20m to combat financial healthcare barriers

The new round of funding marks a crucial step for Ansel in making modern supplemental insurance more accessible, says Veer Gidwaney, Ansel’s Founder & CEO

Hastings Direct: Levelling up with Snowflake

Sasha Jory, Chief Information Officer at Hastings Direct, tells us how the insurer has undergone a digital transformation in partnership with Snowflake

The life and career of Defaqto CEO John Milliken

Customer Experience (CX)

US cyber insurtech Corvus agrees $435m sale to Travelers

Insurtech

NEXT Insurance in $265m partnership with Allianz & Allstate

Insurtech