Read more: State-sponsored hackers attack US agencies, businesses
Experts say that the attack, while a national security nightmare, was fortunately not as disruptive to insurers.
“Although the SolarWinds attack is a cyber catastrophe from a national security perspective, insurers may have narrowly avoided a catastrophic financial incident to their businesses,” BitSight director of insurance programs and partnerships Samit Shah explained in a blog post.
A joint analysis by cyber risk vendor BitSight and cyber risk modeler Kovrr found that the hackers appear to have avoided large scale exploitation of victims. Instead, the perpetrators opted to maintain access to the compromised systems and collect sensitive data, the analysis found. Both cybersecurity vendors concluded that had the attackers focused on interrupting business and destroying networks, the incident would have been classified as a cyber catastrophe – an incident BitSight defines as a cyber event that results in economic losses greater than $200 million.
Shah also noted that many of the organizations affected by the hack are US government departments,…