CNA Financial Corp.’s cyber insurance won’t cover all its losses from a ransomware attack that forced it to disconnect its systems in March, the insurer disclosed in its third-quarter filing with the Securities and Exchange Commission.
“Although we maintain cybersecurity insurance coverage insuring against costs resulting from cyber attacks (including the March 2021 attack), we do not expect the amount available under our coverage and/or our coverage policy to cover all losses,” the insurer stated in the filing.
CNA did not provide an estimate of its losses related to the attack but it reportedly paid $40 million to hackers to regain control of its systems.
In the filing, CNA also said that as a result of the attack and industry trends, it “will incur higher costs for the replenishment of the Company’s current policy through the end of the term, as well as future cybersecurity insurance coverage beyond the current term.”
Cyber insurance rates have skyrocketed in recent months.
On a conference call with analysts to discuss CNA’s third-quarter results on Monday, CEO Dino Robusto said “the transactional limitations” that followed the ransomware attack “are now behind us.”
CNA reported a profit of $256 million for the third quarter, a 20.2% increase over the same period last year. The insurer’s combined ratio improved slightly to 100%, compared with 100.9% for the prior-year period.
The company reported $178 million in catastrophe losses – compared with $160 million in the 2020 period – which includes $114 million related to Hurricane Ida.
Property/casualty net written premium increased 5% to $1.91 billion.
CNA Financial Corp. Monday reported second-quarter net income of $368.0 million, more than double the $151 million in the prior-year quarter, as catastrophe losses plummeted.