3 minutes read

Log4j & Cyber Insurance

The Log4j crisis, one of the most serious cyber vulnerabilities in history, has hit cyber headlines recently and shows no sign of relenting.

What is Log4J?

Almost every software will keep records, known as ‘logs’, of errors and other coding issues. Rather than developing their own logging system, many developers use Log4j. Log4j is an open-source logging system. It has been developed collaboratively by coders around the globe and is free for anyone and everyone to use. It also uses Java as its sole programming language (one of the most common developer languages used by developers. Due to its accessibility and its use of Java, It has become one of the most commonly used logging packages around the world, relied on by Minecraft, Amazon, Apple, and many more household names. 

What is the Log4J crisis?

In early December 2021, previously unknown vulnerabilities in the software were discovered. As soon as these were revealed the race against time was on: programmers attempted to fix the issues, whilst attackers started exploiting them in what have been called Log4Shell attacks. The race is still continuing today, as more vulnerabilities are uncovered. 

The Cyber Insurance Academy has broken down these complicated cyber concepts for its students into a simple video explaining how these attacks work, which now forms part of the CCIS syllabus.

What Do Cyber Insurance Professionals Need to Know About Log4j?

Log4Shell attacks pose a huge risk because Log4j often forms part of the software supply chain (think NotPetya). This means that the malicious code inserted by hackers can travel through different parts of an organization and any third parties associated with it, with catastrophic effect on their operations. When issues like this are found in software, it is normally fixed with what are called “patches”.

How long will the crisis last?

Although patches are being found constantly, it is hard to propagate these since it requires mass coordination between Log4J developers, developers of software that use Log4j, software distributors, system operators, and users. It is likely to take a long time to repair the vulnerabilities in Log4j – some experts estimate fixing the issues could take several months and that the vulnerability will continue to crop up for years.  

In the fast-paced cyber world, it can be hard for insurance professionals to keep up with the latest in the industry. The Cyber Insurance Academy makes understanding cyber easy and seamlessly connects these complex technical principles to the insurance sector. Learn more about our courses here.


About The Cyber Insurance Academy:

Chartered Insurance Institute (CII)  members must continue to refine their expertise and skills with the right Continuing Professional Development (CPD). The Cyber Insurance Academy offers the Certified Cyber Insurance Specialist (CCIS) program that enables CII members to immerse themselves in the complex, fast-paced, and rewarding cyber insurance sector while claiming up to 50 structured CPD credits with the CII. The CCIS course combines technical skills with insurance knowledge to elevate professional practice within the cyber insurance sector through a fully-interactive, self-paced, online program covering both fundamental and advanced cyber security subjects, cyber underwriting, claims and incident response, risk management, regulatory compliance, and more. 

Course content is regularly updated according to the latest market developments. Most recently, a Log4j masterclass was released.

Follow our YouTube channel for more informational videos.

Want the latest on cyber insurance news, hottest trends, important issues, tips, and much more, directly to your inbox twice a month? Signup for The CI Academy Plus Newsletter here.

Reach Out to Us

Can’t find what you’re looking for? Leave your details and we’ll get back to you shortly