Progress Software plans to utilize its $15 million cyber insurance policy to cover losses resulting from the MOVEit file transfer software breach and a previous incident in November 2022 [4]. The company has already received $4.9 million in insurance recoveries [5], with $3 million related to the November 2022 incident and $1.9 million related to the MOVEit vulnerability [4] [5]. However, Progress Software is currently facing legal battles [2], including indemnification requests from customers, a subrogation notice from an insurer seeking recovery for expenses, and 58 class action lawsuits from individuals impacted by the data breach. The U.S. [3] Securities and Exchange Commission (SEC) is also investigating the company regarding the MOVEit mass-hack. While Progress Software expects minimal financial impact, the possibility of further losses remains as legal actions continue.
Description
Progress Software has incurred approximately $1 million in expenses due to the vulnerability, but the full cost is still unknown due to ongoing legal matters and investigations [2]. The SEC has issued a subpoena to Progress Software [3], requesting documents and information related to the vulnerability [3]. The company states that the investigation does not imply any violation of federal securities laws and they will fully cooperate [3]. The exact number of impacted MOVEit Transfer customers is unknown [3], but 2,546 organizations have confirmed being affected [3], impacting over 64 million individuals [3]. Additional victims [3], such as Sony and Flagstar Bank, have also emerged.
The impact of the breach extends beyond financial losses. Insurers may adjust their approach to cyber insurance, leading to higher premiums and stricter coverage requirements [5]. Cyber insurance policies are already becoming more expensive and providing less coverage [5], with many companies experiencing significant premium increases and submitting claims. Insurers are now engaging more with cybersecurity teams to better understand risk profiles and collaborate on coverage [5]. As the cyber insurance market matures [5], policies may become even more expensive with less coverage [5], but premiums should stabilize as insurers refine their risk evaluations [5]. It is crucial for organizations to conduct their own risk assessments and ensure their internal policies address their entire attack surface [5].
Conclusion
The MOVEit file transfer software breach has resulted in significant financial losses for Progress Software, with ongoing legal battles and investigations [2]. The impact of the breach extends to the cyber insurance market, leading to higher premiums and stricter coverage requirements [5]. Organizations should prioritize conducting risk assessments and implementing comprehensive internal policies to mitigate potential vulnerabilities. The outcome of government inquiries and investigations remains uncertain [1], but the implications for the affected parties and the insurance industry are likely to be long-lasting.
References
[1] https://cybermaterial.com/sec-probe-of-progress-software-data-breach/
[2] https://www.computerweekly.com/news/366555303/US-SEC-launches-probe-into-mass-MOVEit-breach
[3] https://news.yahoo.com/sec-investigating-moveit-mass-hack-180026957.html
[4] https://flyytech.com/2023/10/13/how-moveit-is-likely-to-shift-cyber-insurance-calculus/
[5] https://www.darkreading.com/risk/moveit-shift-cyber-insurance-calculus