MOVEit attacks shine light on the cyber (re)insurance industry’s blind spots

London, 25 July, 2023 – Key lessons can be learned from Cl0p’s MOVEit attacks, according to analysis by leading cyber analytics firm CyberCube.

The ongoing cybersecurity incident known as the global MOVEit MFT (Managed File Transfer) attack has affected companies and government agencies on both sides of the Atlantic. The impact has been substantial - with hundreds of companies already hit by data theft and extortion, and the private information of over 20 million individuals exposed to date. The Cl0p ransomware and extortion gang was behind the attacks. 

A Single Point of Failure (SPoF) technology refers to a critical system, product, or service that is relied upon by many companies. The failure of such technology can cause a domino effect, affecting many organizations in tandem and creating a ripple effect of adverse outcomes. Analysis using CyberCube’s SPoF Intelligence tool in June identified 2,890 vulnerable MOVEit MFT deployments mapped to companies in 75 different countries. 

A new report “CyberCube SPoF Intelligence: Lessons Learned from the MOVEit Attack” highlights three key lessons that can be learned from the MOVEit attacks that can help the (re)insurance industry better understand how widespread data breach and extortion events can unfold. These are:

  1. Cyber (re)insurers have a blind spot when it comes to managing third-party risk arising from insureds’ service providers and their partners using vulnerable SPoFs.
  2. Companies that are dependent on Data Aggregator SPoFs, including MFT applications, could be targeted in future attacks. This points to the need for the (re)insurance industry and the broader security community to be vigilant about the threat to MFTs, even if it is not MOVEit.
  3. The MOVEit attack will not be the last widespread data breach and extortion event. (Re)insurers should focus on identifying insureds that are using risky MFT SPoFs. 

William Altman, Cyber Threat Intelligence Services Lead, said: “The cyber (re)insurance industry is currently looking into the concept of systemic cyber events and specifically questioning whether Cl0p's MOVEit attacks can be classified as one. As the industry strives to establish a unified definition for systemic cyber disasters, examining events such as Cl0p's MOVEit attacks closely is crucial, as they provide invaluable real-world evidence that can help shape more informed perspectives.”

A copy of the report can be found on our website: Lessons learned from the MOVEit attack



About CyberCube

CyberCube delivers the world’s leading cyber risk analytics for the insurance industry. With best-in-class data access and advanced multi-disciplinary analytics, the company’s cloud-based platform helps insurance organizations quantify cyber risk to facilitate placing insurance, underwriting cyber risk and managing cyber risk aggregation. CyberCube’s enterprise intelligence layer provides insights on millions of companies globally and includes modeling on thousands of points of technology failure.

The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company exclusively focused on the insurance industry, with access to an unparalleled ecosystem of data partners. It is backed by Morgan Stanley Tactical Value, Forgepoint Capital, HSCM Bermuda, MTech Capital, individuals from Stone Point Capital and Scott G. Stephenson. For more information, please visit or email


Yvette Essen, Head of Content, Communications & Creative,


Contact Yvette

If you're looking for more information on CyberCube or on how to collaborate with us, feel free to get in touch with me directly.

I'd be happy to help!