Cyber Insurance Claim Details for AU businesses
When lodging a cyber insurance claim saved the day
This month we are taking a look at how a few medium to large Australian businesses responded and recovered from various cyber events and how their cyber insurance was able to assist. In the past 12 months the majority of all cyber attacks against Australian businesses were targeted at small to medium size businesses. Many owners have heard the buzzwords and have seen the major international incidents on the news but haven’t seen a relatable cyber insurance claim from Australian businesses.
Healthcare Provider
- 100 Employees
- Unknown turnover
Incident
A healthcare provider misplaced multiple storage devices which contained sensitive information for over 1 million patients. The provider was unable to determine if the devices were lost, stolen or destroyed. Their lawyers advised the company to notify the affected individuals and assisted the company to address a regulatory investigation into the incident. This investigation saw the company fined for failing to adequately protect the information.
Outcome
The company was fined $75,000 which was covered. Legal costs were covered and totalled just over $1 million including costs in defending claims brought by affected individuals, costs associated with regulator enquiries, and for miscellaneous notification related work.
Total costs to the business were $5,000,000.
Logistics / Freight Forwarding & Warehousing
- $30 million turnover
Incident
An Australian logistics, freight forwarding and warehousing organisation was the victim of multiple business interruptions causing their network to be down for a total of 21 days. Could your business survive for 21 days without your network and information?
A disgruntled ex subcontractor turned out to be the culprit and cause of the network outage. The ex subcontractor had vast knowledge of the companies network and when the contractor was released from employment sought malicious revenge. The network was hacked multiple times causing unforeseen business disruption for 21 days.
A forensic IT provider was appointed to identify their main cause and complete restoration of the entire network.
Outcome
$280,000 which was made up of $110,000 in defence costs and $170,000 for forensic IT expenses and lost income.
Third-Party Administrator
- 500 Employees
- $65 million turnover
Incident
A covert organisation hacked an administrator’s network just before a major holiday weekend to steal personally identifiable information. Over 25,000 names and numbers for customer credit cards and personal details for 250 staff members were compromised. Malicious software was also found on an administrators laptop which caused the entire firm to cease business for 72 hours.
The insured client’s customers were unable to access the network for business purposes and sustained malware related impacts to their own systems. The Administrator was sued for impaired network access and conduit related injuries.
Outcome
The administrator incurred costs above $250,000 for forensic investigations, notification and monitoring measures, system restoration and legal advice. The business also calculated more than $2,000,000 in lost business income and extra expense associated with the system outage.
An additional $300,000 in defence costs were incurred and more than $5,000,000 in damages where paid to customers who were unable to access the administrator’s network.
The total cost to the business came to more than $7.55 million.
Cyber Insurance Could Save Your Business
B2B manufacturer
- 50 Employees
- $10 million turnover
Incident
A materials manufacturer leased a copying machine for a 24 month contract through a third-party intermediary. During the lease agreement the manufacturer made copies of proprietary client information and its own employee data.
After the lease had expired the manufacturer returned the copier via the third-party intermediary. During transit back to the leasing company a rogue employee of the third-party intermediary accessed the machine’s data. The proprietary information was stolen and then sold by the employee.
Outcome
The manufacturer was hit with $75,000 for forensic investigation, notification, identity monitoring , restoration services and independent counsel fees. The company also incurred around $100,000 in legal defence costs and $275,000 in indemnity associated with the theft and sale of proprietary client information.
Total costs to the business were over $450,000
Retailer
- 35 Employees
- $20 million turnover
Incident
A major retailer took a new marketing strategy and decided to email promotions to their current clients. The insured company intended to attach a promotional flyer but instead attached a spreadsheet which contained a list of customer names, addresses and credit card information.
The lawyers for the retailer advised them to notify all affected customers and offered credit monitoring support after the fallout. Several of the affected customers brought civil proceedings against the retailer.
Outcome
The retailer lodged their cyber insurance claim which covered the credit monitoring and customer notification costs which totalled $150,000 with legal fees and settlements adding another $250,000.
Total cost to the business was approximately $400,000
Cyber Insurance Could Save Your Business.
Conclusion
From most reports it is only a matter of time rather than a matter of being secure or not. We will continue to publish more cyber insurance claim examples each month.
Comments
Not found any comments yet.