The impacts of 2021 ripped through all facets of life — we continued to live alongside the COVID-19 pandemic, companies large and small continued to support hybrid work models, and cybersecurity incidents shook many industries. The scale and frequency of these incidents led 2021 to be the year that cybersecurity issues entered the mainstream discussion, with President Biden even convening a meeting on cybersecurity.
Coalition was founded to solve cyber risk and we gather a lot of data every day. Still, we wanted to know how the biggest cyber incidents of 2021 impacted the insurance and security communities at large. So we asked our followers on Twitter to share their thoughts. Based on those responses, here are the major cyber events that defined 2021 and our key takeaways to help reduce the likelihood of similar incidents impacting your business in the future.
Most Impactful: Colonial Pipeline
No other incident in 2021 had such broad recognition as the ransomware attack against the Colonial Pipeline Company. Parts of the company’s network were shut down for nearly a week to contain a ransomware attack, which delayed delivery of refined petroleum products to large parts of the east coast in the US. News coverage of the incident led people to panic buy gasoline even in places where the Colonial Pipeline doesn’t supply gas stations. This resulted in long lines and fuel shortages, which, in turn, led to very broad awareness as people sought answers to the fuel crisis.
Cybersecurity incidents have been technobabble to many people, as they are a very new and quickly evolving category of risks. However, when these incidents affect fundamental goods and services that we rely on daily, it’s much harder to write them off as an esoteric concern. Ransomware had a substantial impact in 2021 — Coalition saw an increase in the frequency of attacks, and the average payment demand rose threefold. As ransomware reshaped the industry throughout the year, targeting organizations large and small, awareness of these attacks rose, although Colonial Pipeline was undoubtedly the most notable.
Runner Up: Kaseya ransomware attack
The Kaseya ransomware attack had a lower profile outside of the IT and security communities because the target was a business service provider rather than a consumer goods company. Kaseya is a managed service provider (MSP), an outsourced IT provider that handles various aspects of managing a company’s computer network and resources. The access required by an MSP to an organization’s computing resources makes them a valuable target — gaining a foothold in the MSP network could give attackers access to hundreds or thousands of other organizations.
Many small and medium-sized businesses use MSPs, and they often leverage their MSP for support in recovering from cyber incidents. Because this attack impacted Kaseya, it only served to amplify the problem. Coalition’s ability to offer in-house incident response (IR) capabilities was essential in helping policyholders affected by this breach. Our proactive alerting helped some policyholders avoid an incident altogether by turning off any Kaseya equipment in their network before an event could occur. Third-party vendors and other critical links in the supply chain are increasingly targeted by attackers, especially if the supplier has a large customer base that effectively amplifies the attack.
Microsoft Exchange vulnerability / Hafnium
In March of 2021, a series of vulnerabilities were disclosed that allowed attackers to take remote control of Microsoft Exchange email servers. This was a high-stakes attack due to the volume of sensitive information usually contained in email traffic and its vital role in business processes. Just take a moment to think about how reliant many businesses are on email for daily work tasks. Luckily, the attack was only successful against organizations running their own Exchange servers, known as on-premises, and not against organizations who utilize cloud-based email like Microsoft 365.
According to our Claims Report, roughly 1,000 Coalition policyholders were exposed to the Microsoft Exchange vulnerability, but we successfully remediated the vulnerability for 98% of our impacted policyholders within a week of the disclosure. Due to the dynamic nature of the Exchange vulnerability, it remained a persistent threat throughout much of the year.
Howard University ransomware
A day off from school is usually a student’s dream. Still, when the cause is a ransomware attack that affects a university’s services, it’s a different matter altogether. Howard University canceled classes, shut down vital services like the campus WiFi, and performed an investigation after the IT department noticed a ransomware attack. Because Howard is also a research hospital for dentistry, nursing, and pharmacology, there was initial concern that the attack might have impacted sensitive medical data. While the attack did not impact any sensitive data, it was a sobering lesson for the next generation of healthcare providers. Ransomware attacks can impact any industry, making modern healthcare not just an issue of patient care but of keeping IT systems secure to ensure that neither care nor patient information are compromised.
Insurance companies like Coalition are by no means immune to attacks, as demonstrated by the massive ransomware attack against insurance provider CNA early in 2021. Due to the high-profile nature of the company, many attack details have been released, including the fact that the attackers both stole data and ransomed the company’s computer networks. The largest group of people impacted by the attack were CNA employees, although customer data was also compromised.
Because CNA is one of the largest insurance carriers in the US that underwrites cyber insurance, the news that they had been hit by ransomware was shared widely in insurance and security communities. News of the attack was little more than a footnote outside these groups. Still, this attack earns its honorable mention due to its size (the ransom was reportedly $40 million) and the fact that it was against a major player in the cybersecurity industry. Insurance companies often bear the financial impact of ransomware attacks if they cover the cost of paying the ransom.
Late to the party: Log4j
Whether you pronounce it “log4j” or “logforge,” there’s no debating this incident set the internet on fire as security teams scrambled to put a fix into place. Initially discovered as an issue in Minecraft, Log4j is part of a logging library used across many different Java-based platforms that power large parts of the internet. Countless organizations have been impacted and mitigation techniques are still being updated and released. Like Microsoft Exchange and SolarWinds before it, the impacts of Log4j are still being discovered and will likely be felt for months into the new year.
All cyber incidents have consequences
There are different ways to measure impact. Tangible impacts like financial loss are one, while intangibles like reputation or goodwill can also be valuable.
When reflecting on the cyber incidents of 2021, we were primarily interested in capturing the moments that made cybersecurity a talking point for daily life. By that definition, the long lines and scarcity of fuel after the Colonial Pipeline attack qualify it for the top spot, but the reality is all cyber attacks are worthy of attention.
Attacks are growing in both size and frequency, and the time to brush them off as just a concern for security or IT teams is long past. Coalition believes that cybersecurity is a team sport and proactive cyber risk management is the best way to solve cyber risk, so acknowledging the magnitude of the problem and staying on top of managing the risk is essential.
Coalition offers a wealth of resources to help businesses implement good cybersecurity practices, including our Cybersecurity Guide. Additionally, Coalition policyholders can manage their risk profile in real time using Coalition Control, our active risk monitoring platform.
For questions about Coalition’s claims process or to be connected to a broker, reach out to our team.