When a Cyber breach occurs, a proper cyber insurance policy will cover the range of expenses that arise. These include: identifying and solving the breach, recovering data, customer notifications, PR costs, possible credit monitoring expenses, legal expenses, potential fines from compliance regulators, extortion costs from ransomware, and general business interruption. All businesses - no matter how large or small - should have a stand alone Cyber policy as part of their insurance portfolio. If you think your business is immune to hacking, phishing, or cyber crime -- think again. Below are real-world examples of cyber claims that have occurred in businesses of all sizes.
SCENARIO 1: RANSOMWARE ATTACK
Type of Insured: Regional accounting firm
What Happened: A ransomware attack blocked access to the firm’s entire computer system while the attacker deleted files. After paying the ransom, it took several days to restore the company's applications and recover deleted files from its backup.
What Followed: The firm was unable to meet tax filing deadlines, and the company sustained brand and reputation damages
Coverages that Could Have Helped: Incident Response Expenses, Cyber Extortion Loss, Network Restoration Expenses, Business Interruption
SCENARIO 2: HR IMPOSTER
Type of Insured: Law firm
What Happened: A thief purporting to be the managing partner of the firm sent the HR payroll manager an email, requesting W2 forms of all 150 employees via PDF. The payroll manager realized the email address was spoofed too late, and sensitive information was sent freely to a third party with bad intentions.
What Followed: The law firm had to notify and provide credit and identity monitoring services to all of its employees in the wake of the incident.
Coverages that Could Have Helped: Incident Response Expenses
SCENARIO 3: CEO DECEPTION
Type of Insured: Brand Marketing firm
What Happened: A hacker was able to gain access to an employee’s email and sent new banking information to their client for payment of their invoice.
What Followed: The client paid the invoice using the fraudulent banking information, and the firm was out of the money.
Coverages that Could Have Helped: Social Engineering Fraud
SCENARIO 4: ACCOUNTS PAYABLE EMAIL FRAUD
Type of Insured: Construction firm
What Happened: The HR payroll manager received an email from the CEO to update banking information for her direct deposit paychecks. After a month of not receiving her paychecks, the CEO inquired only to find that the original request was sent from a spoofed address and her paychecks had been sent to a third party bank account.
What Followed: The company had to reimburse the CEO’s paychecks.
Coverages that Could Have Helped: Social Engineering Fraud