Q2 Claims Trends
Support Available to Protect Against Ransomware Group CLOP (TA505) Attacks
A recent cyber attack that targeted MOVEit Transfer Software - a widely used software that is often integrated into firms’ supply chains - has affected numerous organizations around the world. The attacks are being attributed to CL0P ransomware group, also known as TA505. This series of cyberattacks may have been two years in the planning, using a zero-day vulnerability, CVE-2023-34362, in the MOVEit Transfer software. The attacks – which gave cyber criminals unauthorized access to companies’ data including payroll information – were sophisticated, and involved several stages including initial access, execution, persistence, privilege escalation, defence evasion, discovery, lateral movement, collection, command and control, and exfiltration.
The impact of the situation is escalating due to demands for ransom money to prevent the release of stolen data. Press reports at the time of writing suggest approximately 100 firms across Europe, Asia, USA, Brazil, and UK have been affected. It is expected this list will continue to grow.
To combat such attacks, Cybersecurity and Infrastructure Security Agency (CISA) has published mitigations that organizations can take to improve their overall security posture in response to TA505 activity, see: #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability | CISA
If your firm has been affected by this attack, we recommend you consult with your Aon representative who will work with you to identify if any insurance policies you have in force could offer support and protection and to determine if any of the breach response services provided by Aon Stroz Friedberg could aid your business.
Canadian Wildfires Have Health, Economic and Insurance Implications
In Canada, as of June 30, 2023, 3003 fires have burned 7,974,000 hectares (19,704,183 acres) and there are 487 active wildfires, 253 of which were deemed “uncontrolled" (see here for a map of the wildfires). The provinces of Alberta and British Columbia were experiencing 95 and 99 active wildfires, respectively. Roughly 126,000 people were evacuated from their homes, with the hardest hit being the indigenous communities in remote parts of the country. Resources around the world have been engaged to mitigate the myriad impacts of the fires. Smoke from the wildfires has caused air quality alerts across Canada, US, and Europe and has especially impacted many populations with various health concerns.
Although poor air quality has been one of the most severe and far-reaching impacts of the wildfires, they also pose a significant risk to nearby water systems. Rainstorms that follow a large wildfire can flush significant quantities of sediment, ash and contaminants into lakes, streams, rivers, and reservoirs, negatively impacting a community’s water supply.
As well, there are far-reaching economic impacts. The wildfires have prompted some Canadian oil and gas companies to curb production and cease or reduce drilling where the fires were in close proximity to their pipelines. This has increased the cost of crude oil in the market and may continue to do so.
In addition to significant health and economic concerns, the wildfires also carry insurance implications. Canadian brokers and insurers alike have indicated that the wildfires could impact pricing and capacity in fire-hit areas, and have renewed their call for the implementation of comprehensive risk prevention measures. Aon Claims Consultants are working diligently with clients and insurers who have been impacted by the wildfires. For example, to provide immediate relief to the most heavily impacted clients, Aon continues to work with insurers to issue advance payments under appropriate insurance policies. Please contact your Aon representative for questions about how Aon can help.
Class Action Litigation Arrives in the European Union
In 2020 the European Union embarked on a legislative change to enhance consumers’ rights to secure collective redress across all 27 EU Member Countries. Then, in June 2023, a new law, the EU Representative Action Directive (RAD) took effect which allows collective redress procedures for customers across all EU Member Countries through class action litigation. The RAD also allows litigation funding providing it is permitted by the applicable local law. (Funders; however, must avoid conflicts of interest and must not divert the action from the protection of the collective interests of consumers.) The legislation will apply to all actions filed on or after June 25, 2023.
While a major influx of US-style class actions is not generally expected, this new framework does make it easier to bring large-scale litigation affecting wide-area consumer groups which could result in an increase in claims for Aon’s clients.
The new legislation will take time to settle as each member state needs to determine which organizations are Qualified Entities (QE) (only organizations designated as a QE by a Member Country can bring collective actions.) Each member state also needs to elect whether their country will operate based on an opt-in system (where each consumer registers to be represented by the QE) or an opt-out system (where all consumers are automatically included in the class unless they explicitly opt out).
In addition, other elements need to be considered as they may vary between countries. For example, the shifting of certain legal costs to the losing party will be handled in accordance with local laws. This will offer an element of comfort for prospective defendants as it may help deter meritless claims. Also, certain EU countries impose statutory caps on the quantum of recoverable costs which may influence where plaintiffs commence actions.
While this new law is pro-consumer, it clearly may have significant impacts on the claims environment in the EU. Aon is closely monitoring this situation.
©2023 Aon plc. All rights reserved | Contact Us | Privacy Policy | Legal