One thing we hear all the time is “I am not sure what this covers”. There is nothing like being able to see example claims that were covered by our cyber insurance programs, and even better, what they cost to show you how much is at risk for your company.
Extortion (Ransomware)
Description
A small consulting firm was the victim of a ransomware attack that “locked” client files so they could not be accessed. The hackers demanded $3,000 to unlock the files. The firm paid the extortion demand through Bitcoin, but the password provided by the extortionist didn’t fully unlock the files. An outside IT company was called in, all files were able to be retrieved and backed up.
Damages
Extortion Monies: $3,125
Data Restoration: $4,700
Fraudulent Funds Transfer (Social Engineering)
Description
A law firm acting as a “closing agent” for real estate transactions was tricked into sending $170,000 to a cyber thief. The Firm received an e-mail purporting to be from the seller’s agent instructing the firm to wire the funds to the sellers account. The firm transferred the money held in escrow to the sellers account. However, the email wasn’t actually from the seller and the wire transfer instructions were bogus. The deal fell through, the buyer made a demand for the $170,000 and threatened suit against the firm. The firm opted to pay the $170,000 to the client rather than fight a lawsuit. In addition, the firm is being investigated for a trust account violation and may face a disciplinary proceeding.
Damages
Theft of Monies: $40,000
Defense Expenses: Pending
Fines and Penalties: Pending
System Interruption (Accident)
Description
An IT contractor working for a small auto dealer made a mistake during a systemwide upgrade that caused significant loss of data and 9 days of system downtime. The contractor installed incompatible software during an upgrade, which resulted in the company’s data being destroyed during the data migration. In addition, the firm’s software had to be removed and reinstalled on all machines.
Damages
Forensics Expense: $34,700
Data Restoration Expenses: $114,000
Data Damage (Hacker)
Description
A disgruntled former employee of a manufacturing company gained unauthorized access to the company’s computer system and, inserted spyware to spy on executives and began deleting files. At first, the firm thought they had a virus and took steps to eradicate the malicious code. However, every time they rebooted the system, files started being deleted again. Ultimately, the firm contacted forensic experts for help and eventually discovered that it wasn’t a virus. The forensics firm determined the attack was coming from an external source and closed the backdoor. By the time the firm closed the back door into their computer system, the former employee had deleted over 100 gigabytes of data.
Damages
Data Restoration Expenses: $23,000
Data Breach Liability (Privacy)
Description
A small retail company suffered an extortion threat. Despite paying the ransom, the extortionists released their customer’s credit card information, resulting in mandatory notification in 27 states and optional notification in 2 other states. However, before the firm could notify customers, they had to conduct extensive forensics to identify which customers were affected and pay the credit reporting agencies for the correct contact data for many of the customers. The insured opted to provide their clients with a full 24 months of identity restoration and monitoring services supported by a private call center.
Damages
Forensics Expense: $27,000
Notification: $51,000
ID Theft Services: $161,000
Call center (included)
Public Relations: $14,125
Extortion Expense: $12,180
Lost Income: $240,000
Data Damage (Accidental)
Description
A small firm lost all of their data including backups from a shared office space when the IT administrator formatted the hard drive on the office equipment. The firm, which had 3 lawyers, was operating inside unused space at a larger firm. As part of the arrangement, the smaller firm also used the IT systems of the larger firm. In an effort to segregate the data of the smaller firm, the larger firm gave them access to their own file server, which was normally used for email only. The server began having issues, so the IT administrator backup up the emails on the server, formatted the hard drive, and reinstalled all the software. The IT administrator did not remember to back up the data from the smaller firm before formatting the hard drive. The firm suffered an interruption of operations as a result and incurred significant expenses to recover the data manually.
Damages
Data Restoration Expense: $23,000