By Isha Marathe

June 24 - (The Insurer) - Tokio Marine-owned Philadelphia Insurance Companies and Nasdaq-listed Erie Indemnity Company, which manages Erie Insurance, are working to resume normal business operations as they enter the third week of system disruption following separate information security events.

Erie, which filed an 8-K with the SEC on June 7 reporting an information security event, on Monday said: "After a thorough review of all systems—conducted by both our team and external partners—we have safely and securely reconnected several business systems and applications."

It continued: "At this time, there is no evidence of ransomware and no indication of ongoing threat actor activity.

"We take these matters very seriously and are working diligently to identify what, if any, data may have been affected. Our investigation is ongoing, and we will continue to provide updates as we have more information."

On Monday, Philadelpha Insurance Companies stated that "dedicated employees continue working around the clock to get us closer to full business operations," and that "some services may be limited."

Both companies are conducting investigations into the source of the network disruption.

AM Best on Tuesday said the ratings of Philadelphia Insurance Companies along with Tokio Marine America Group and First Insurance Company of Hawaii’s subsidiaries remain unchanged following the information security event.

That followed AM Best on Friday also saying that the credit ratings of Erie remain unchanged following it sustaining an information security event.

The rating agency in both cases highlighted the companies’ immediate actions to respond to the situation.

AM Best said it would continue to monitor the cyber event for any signs that the incident may impair both companies’ operational capabilities, harm their reputation or market position, or prompt a reassessment of enterprise risk management capabilities.

Last week, John Hultquist, chief analyst within the group at Alphabet's Google, told Reuters in an email that a particularly disruptive set of hackers operating under the nickname 'Scattered Spider' have recently turned their attention to the insurance industry, according to the company's cybersecurity researchers.

Scattered Spider is a term used by cybersecurity industry experts to track activities linked to a set of hacking tactics, techniques and procedures, particularly sophisticated social engineering.

"Given this actor's history of focusing on a sector at a time, the insurance industry should be on high alert, especially for social engineering schemes which target their help desks and call centers," Hultquist said.

"The anticipated threat of Iranian cyber capability to US organizations has been the focus of many discussions lately, but these actors are already targeting critical infrastructure. We expect more high-profile incidents in the near term as they move from sector to sector."

On June 12, the Cyber Risk Insurer exclusively reported that cyber sources said the PHLY disruptions were likely to have been carried out by Scattered Spider.

Neither Erie nor PHLY disclosed the name of the entity responsible for their system outage.