The most common cyber claims, currently, are for:
• Stolen funds
• Stolen data
• Damaged digital assets
In fact, over 95% of cyber claims fall into these three categories.
Without cyber insurance, attacks like these can be a big problem for a small business. So, what sort of damage are we talking here? And how does your cyber liability insurance policy help?
The best way to show you is with some real claims examples. (We’ve changed the names of the companies and people involved, obviously.)
Most common cyber claim #1 — stolen funds
These days nearly every business moves its money around electronically. Unfortunately, that makes it much easier for cybercriminals to steal. And one of the ways they do it is via social engineering.
Here’s what happened last year to a nursing home, which fell victim to what’s called a CEO scam.
CEO scam — wire transfer fraud
While the CEO was on a week’s vacation, Karen got an email from her. It seemed legit. It came from the right email address. It even addressed Karen as ‘K’, like her boss always does.
In the email, her boss said she’d received a reminder about an outstanding invoice. She’d forgotten all about it, apparently, and now payment of $46,564 had to be made today. Please could Karen transfer the funds right away?
Now, Karen didn’t want to bother her boss by double-checking. She was on vacation, after all. So, she made the payment. The next day, another email from her CEO arrived in her inbox. This one asked her to make a payment of $37,644 to another account. Karen quickly made that one too.
They only discovered the scam a week later when the CEO was back in the office and Karen happened to mention the payments in passing.
Of course, they reported the incident to law enforcement and one of the banks managed to get $600 back. But the rest of the money was gone. Leaving the nursing home around $83,000 down.
Luckily, they had a cyber liability policy. They reported the theft of funds to our incident response team who were able to recover most of the money. The team also looked into how this scam had happened.
Turns out the CEO had a weak password which the hackers managed to crack. Once they’d gotten into her email account, they spent time looking through past emails and even checked her calendar.
Using a computer program to make the spoof email look genuine, they tried the scam the week they knew the CEO was on vacation. And when their first email paid off, they did it again the next day.
Most common cyber claim #2 — stolen data
Names and addresses stored on a computer network are worth more money than you think. Data is valuable. And if something has value, then it’s worth stealing.
Data theft
Hackers recently targeted one of our policyholders, a private healthcare clinic. They stole patient information and then threatened to post the data on a public website unless the clinic paid a ransom of $13,220 in Bitcoin.
As the clinic’s IT team wasn’t sure how to help, the owner contacted our cyber incident response team.
The team was able to advise the clinic owner what to do to fix the immediate vulnerability. They then engaged a local IT forensics specialist who visited the clinic and started verifying the hackers’ claim.
It turned out that data relating to 3,000 patients had been compromised, but it was a database containing names and addresses only. The hackers hadn’t gained access to any sensitive medical information.
Because of this, they decided not to pay the ransom demand. Instead, the team connected the clinic with a crisis communication consultant.
Even though no sensitive data was stolen, to avoid any damage to its reputation, the consultant advised the clinic to notify affected patients. She helped them word the email correctly and made sure they sent it out quickly.
The clinic’s cyber policy covered the cost of the IT forensics expert and the crisis consultant (around $20,000). The clinic paid nothing — aside from their deductible — for the service. And since then, they’ve heard nothing more from the hackers.
Most common claim #3 — damaged digital assets
Any business which relies on its IT system to operate on a daily basis is likely to pay up if their system’s held to ransom. Cyber criminals know this. And play on it.
To make things worse, even after paying a ransom, businesses are often left with unusable systems that prove expensive to fix.
Now you might think that if you don’t use your computer system to carry out your day-to-day work, your business won’t be a target for these kinds of attacks. Sadly, you’d be wrong.
One of our policyholders is a small electrical firm which installs and maintains electrical systems for private individuals and companies. Aside from the front line work their electricians do on a daily basis, they also have an office for admin and accounts.
Six months back, one of their employees (we’ll call him Kevin) got an email from someone looking for a job. They’d attached a resume to the email.
Now, Kevin knew they weren’t looking to take on any new hires at that time, but his curiosity got the better of him. He clicked on the attachment and opened it.
Unfortunately for Kevin, the attachment contained a type of ransomware. As soon as he opened it, it encrypted all the firm’s computer systems and demanded $5,000 to decrypt the data.
Immediately they realized what had happened, the firm reported the incident to our response team. Now normally, the team would be able to help by recovering everything from a back-up. But because the company’s back-ups hadn’t been saved externally, these too were encrypted.
Held to ransom
This left no option but to pay the ransom.
The response team negotiated with the cybercriminals responsible for the attack and reimbursed the ransom. They got the decryption key and started decrypting the affected programs.
The whole process, from demand to decryption, only took a few days. But during that time, running the business was tricky.
Because they were locked out of the firm’s system, staff had to do their jobs manually. That meant writing customer quotes and orders for equipment and supplies by hand.
And because their invoicing and accounting system was down, the firm couldn’t take credit card payments either. They had to tell customers they’d come back to them for payment at a later date.
Damaged system
Although the decryption process was successful not all the firm’s computer programs emerged unscathed by the attack. Despite numerous attempts to restore it completely, it was still not performing correctly a month later.
In the end, to get the business up and running properly again, the firm had to move over to a new system. Unfortunately, that meant paying employees to work overtime – some 1,572 hours in total – to manually re-enter data. They also had to hire temporary staff to help.
The cost of this major data re-entry came to over $58,000. Which, on top of the $22,500 it cost to deal with the initial ransomware incident, brought the total claim costs to over $80,000.
Dealing with a ransomware attack is rarely just a matter of paying up followed by business as usual. When ransomware damages your system irreparably, the cost to your business, as this claim shows, can be much, much more.
How a cyber policy helps
But it’s not just money a cyber-attack costs you, it’s time. And if an incident’s not handled correctly it can end up costing you more of both. Then there’s the damage it can do to your reputation, too.
A cyber policy doesn’t just cover the costs of recovering from a cyber-attack. It helps you through one, providing you with the tools, the support and the technical know-how.
Cyber insurance can’t stop an attack. But it does mean you’ll recover from one.
Find out more about our cyber liability insurance policies here. Or call us at 978.344.4215. We’ll be happy to talk you through your options.
cyber claimsdata breachransomware