What We Can Learn from the CNA Data Breach

How to protect yourself from ransomware
Peter Fidler, President, WCA Technologies

In this article, I’d like to discuss what we can learn from the CNA data breach that took place in March.

The Importance of an Evolving Data Security Strategy

The need for constantly improving data security is at an all-time high: just as new technologies are developed to thwart attackers, those attackers seem to come up with the tools and means to defeat them.

Case in point: March 21, 2021, when insurance giant CNA Financial was hit with a “sophisticated cybersecurity attack” that disrupted services for three full days as the company attempted to prevent further issues and rectify the data breach.

It seems to be a near-daily occurrence that you hear of yet another company falling victim to yet another cyberattack. Major breaches like this one at CNA, and those in the past at big names like Target and Home Depot, are less common, but when corporations of that size are involved, they make the headlines. The reality, however, is that the majority of attacks are directed at small to mid-size brands, and more than half of those companies end up closing their doors forever because of the high cost of these data breaches.

And don’t become complacent thinking no one would bother to steal your data: while high-profile cases such as CNA occupy the national news, the greatest number of attacks are aimed at small businesses, because of their vulnerability and the sheer number of opportunities they present.

The Real Cost of the CNA Data Breach

While the headlines often focus on the information that was compromised or the scale of the hack that has taken place, what you don’t hear about often is how much money companies spend dealing with the recovery from the breach and protection against future breaches. On average, companies lose around $3.3 million and spend as much as four months trying to recover.

In addition to this, if you fail to comply with data breach laws, many states charge as much as $500,000 or more in fines. There may be additional legal liabilities and penalties, too. Hackers will target any company, regardless of size. In some cases, they may prefer a small to mid-size business because they know the security might not be as robust and a breach may be easier to accomplish.

With the CNA data breach, the company lost three days of business, in addition to the weeks and months they’ll spend recuperating, recovering their losses, and trying to win back the confidence of their customers. They are just the latest example in a long line of “I thought we were protected” breaches that prove that even with the best intentions, no company is safe from a potential hack these days.

Even when you put the money aside, the true cost of these hacks starts to add up: lost reputation, lost trust, and lost time and effort that could have been used elsewhere but is instead spent cleaning up and restoring the business in the aftermath of a data breach event.

Defending Your Business from a Data Breach

The best line of defense is preparedness. A cybersecurity professional can assess your firm’s areas of vulnerability and suggest a proactive program of defense. Relying on a single IT professional in-house may not be sufficient, as threats continue to evolve and human actions remain one of your most likely areas of weakness.

Prepare effectively for any kind of potential cyber event or hack to mitigate and manage your risk. A prudent company will address all of the important areas of data security strategy, including:

  • Technology
  • Management of the business and partners
  • Training of employees
  • Insurance coverage
  • Emergency Response Plan development and integration


It is critical to work with an IT professional who is skilled in cybersecurity, including penetration testing, which tries to break through your protection in order to test it properly. Companies will also want to manage all their relationships carefully so that those who have access to valuable data are carefully screened. Proper training is also invaluable, since human error accounts for 95% of all cyberattacks, or the events leading to them.

The Bottom Line – We Can Learn from the CNA Data Breach

You can never guarantee that you won’t be the target of a data breach. If giants like CNA can be compromised, anyone can. However, you can take the time to improve your data security plan to ensure that it is constantly evolving and utilizing the latest technology to minimize your risks.