Insurance Business ReviewJUNE 20248IN MY OPINIONIntroductionThe relative quiet we had witnessed in the world of cyber risk during the first half of 2023 came to an abrupt halt at the end of May, when news of the MOVEit file transfer vulnerability first broke. By now, most information security professionals have a handle on their company's exposure to this threat. However, less attention has been devoted to the impact that this exploit will have on the underwriting process for cyber insurance. Even if your organization does not purchase this insurance, the risk management tips in this article can help reduce the likelihood and severity of losses associated with this vulnerability.What's happening?Progress Software Corporation (the parent company of the software developer) has reported that vulnerability in MOVEit transfer can be exploited to allow attackers to gain unauthorized access to data, and execute SQL statements that alter or delete data. All MOVEit transfer versions are impacted by this vulnerability. Although there are limited number of organizations that use this software, corporate clients of those users are receiving notices that their own customer data has been compromised, vastly multiplying the scope of this event. What are the coverage implications?The first order of business for organizations has been to secure traffic to their MOVEit transfer environment. They should continue to monitor their network for indicators of compromise. The impact of this event goes beyond vulnerability management. After companies delete any unauthorized files and user accounts, reset their credentials and apply appropriate patches, they will need to consider how WHEN YOU THOUGHT IT WAS SAFE TO GO BACK IN THE CLOUD: PREPARING FOR YOUR CYBER INSURANCE RENEWAL IN LIGHT OF THE MOVEIT VULNERABILITYBy David Finz, First Vice President, Cyber Risk, Alliant Insurance ServicesThe MOVEit file transfer vulnerability is bound to have a lasting impact on the cyber insurance underwriting processDavid Finz
< Page 7 | Page 9 >