The Illinois Department of Insurance Issues Cybersecurity Guidance Regarding Microsoft Exchange Server Installations
Privacy, Cyber & AI Decoded Alert | 2 min read
Jun 4, 2021
The Illinois Department of Insurance (the "Department") recently released guidance to all regulated entities concerning vulnerabilities in Microsoft's Exchange Server installations. Issued on the heels of other state and federal agency warnings and directives, the guidance outlines pertinent details of the vulnerabilities and what successful exploitation of these vulnerabilities could mean—namely "persistent system access and control of an enterprise network." Recognizing that servers may still be compromised even after March and April fixes have been applied, the Department urges regulated entities to:
- Immediately assess the risk to their systems and consumers and take steps to address them;
- Identify internal use of vulnerable Microsoft Exchange products and any use of these products by critical third parties;
- Immediately patch or disconnect vulnerable servers and use tools provided by Microsoft to identify and remediate; and
- Continue to track developments and respond quickly to new information.
Although failure to follow the Department's guidance cannot result in an enforcement action at this juncture, it could potentially support claims in a civil or criminal action given the overwhelming amount of public notice.
Also significant is that the guidance is yet another example of a government agency seeking to monitor and advise on cybersecurity events. This further demonstrates increased governmental interest and foreshadows potential legislation in Illinois and at the federal level. Businesses that already have risk assessment tools and cybersecurity policies in place will be in an excellent position to meet and comply with any future requirements. In addition, it is noteworthy that the average cost of a data breach in 2020—according to the Ponemon Institute—was 3.86 million dollars, which in the short term can significantly impact an organization's operations. Given the possible risks of such a serious and large scale event, we strongly advise businesses to follow the Department's guidance.
Related Content
Related People
Related Capabilities
Featured Insights

Lawyers' Lawyer Newsletter
Jun 29, 2026
Beyond Malpractice: The Rising Threat of Privacy and Statutory Claims Against Lawyers

In The News
Jun 26, 2026
Brian McGrath Discusses Far-Reaching Impact of a NY Foreclosure Ruling on Mortgage Industry

In The News
Jun 26, 2026
Jason Oliveri Discusses AI Companions in Elder Care and the Risks for LGBTQ+ Residents

Event
June 25-26, 2026
Todd Young Speaks on Importance of Financial Literacy to ESOP Culture

Press Release
Jun 25, 2026
Scott Seaman Appointed to DRI Center for Law and Public Policy’s Social Inflation Task Force

In The News
Jun 23, 2026
Michael Dowell Explores New OIG Compliance Expectations for MAOs

Press Release
Jun 23, 2026
Jennifer Driscoll Reappointed as the ABA Antitrust Law Section Co-Chair of Comments

Press Release
Jun 22, 2026
Hinshaw Named a Client Service Standout Firm in BTI Consulting Client Service A-Team 2026

In The News
Jun 22, 2026
Lucy Wang Discusses California Insurance Solvency Regulation Addressing Climate Risks




