The American broker, Arthur J. Gallagher & Co., reported a ransomware “incident” that happened on Sept. 26, 2020.

The global risk management and insurance firm disclosed this information in a report published on Sept. 28 on the website of the Securities and Exchange Commission (SEC), the U.S. federal agency that regulates and supervises financial markets.

In this report, Arthur J. Gallagher states that the cyberattack affected a limited portion of its internal systems.

Action Plan

The company also described its response to the attack. "We promptly took all of our global systems offline as a precautionary measure, initiated response protocols, launched an investigation, engaged the services of external cybersecurity and forensics professionals, and implemented our business continuity plans to minimize disruption to our customers.”

On Sept. 28, the company said it has restarted or is in the process of restarting most of its business systems.

“Although we are in the early stages of assessing the incident, based on the information currently known, we do not expect the incident to have a material impact on our business, operations or financial condition," the company said.

Contacted by the Insurance Portal, Arthur J. Gallagher & Co. declined to specify whether the cyberattack had affected its Canadian operations. Nor was the Insurance Portal able to obtain comments from Arthur J. Gallagher Canada or GPL Assurance, a Gallagher company.

A growing risk

When a company is hit by a ransomware attack, the data contained in its information systems are encrypted, and can only be recovered if a ransom is paid.

In the United States, in the COVID-19 context, ransomware attacks soared by 25% in the first quarter of 2020 compared with the fourth quarter of 2019, a study by global insurer Beazley concludes. Aon expects this type of attack to be the main source of cyberrisk insurance claims south of the border in 2020.