Retail, Cyber
Retailer
16 staff
$5M turnover
Payment: $7,500
Background
The Insured received an invoice, purportedly from a known supplier, requesting payment for an outstanding debt. The Insured transferred $27,000 in accordance with the email instructions. The next week the Insured discovered that the email was fraudulent and payment had been made to a hacker.
Outcome
As the Insured did not have the optional Social Engineering cover under their policy, they were unable to claim for the direct financial loss suffered as a result of making the fraudulent payment. The Insured was able to claim for remediation costs in relation to the attack, given there was a threatened Network Security Event.
Payment: $7,500
Cyber, Accountant
Accountant
5 staff
$2M turnover
Payment: $90,000
Background
The Insured’s director noticed that some documents on their server had been deleted. Further investigations were undertaken and it was discovered a hacker had been accessing the Insured’s system for the past 2 months.
Outcome
The Insured notified the insurer who hired an IT Forensic Consultant to review the Insured’s systems. It was discovered 800 client files had been accessed which included private details such as driver’s licenses and passport numbers. A specialist firm was appointed to monitor whether any client identities were stolen or sold as well as a law firm to advise on the data breach issues and draft a notification letter to all affected parties. It was determined that the Insured had to report the incident to the Privacy Commissioner and the appropriate steps were taken to secure the information they held. Remediation costs were also covered to rectify any issues with the Insured’s system.
Payment: $90,000
Cyber
Media
12 staff
$3M turnover
Payment: $41,000
Background
A hacker impersonated a client of the Insured, using an identical email address. The hacker emailed the Insured advising that future payments should be made to a new bank account. When the Insured was due to pay the client, they paid $41,000 into the fraudulent account.
Outcome
The Insured claimed against their Cyber policy which triggered the optional Social Engineering cover. Indemnity was granted for the direct financial loss suffered by the Insured.
Payment: $41,000
Real Estate, Cyber, Hotels
Hotel Chain
10 staff
$1M turnover
Payment: $30,000
Background
The Insured hired a contractor to perform works on one of their properties. The Insured received an invoice for $13,000 from the contractor. The following week the Insured received an email claiming to be the contractor, stating that their bank details had changed and provided the new details. The Insured subsequently paid the $13,000 into the ‘new’ bank account. A few days later the contractor followed up the Insured for payment for their works at which time it was identified that their emails had been compromised and the Insured had paid a fraudulent account.
Outcome
The Insured made a claim on their Cyber Policy and after conducting investigations, indemnity was granted under the optional Social Engineering Fraud cover. The Insured was reimbursed for the direct financial loss suffered as a result of the fraud.
Payment: $30,000
Cyber, Retail
Retailer
16 staff
$5M turnover
Payment: $7,500
Background
The Insured received an invoice, purportedly from a known supplier, requesting payment for an outstanding debt. The Insured transferred $27,000 in accordance with the email instructions. The next week the Insured discovered that the email was fraudulent and payment had been made to a hacker.
Outcome
As the Insured did not have the optional Social Engineering cover under their policy, they were unable to claim for the direct financial loss suffered as a result of making the fraudulent payment. The Insured was able to claim for remediation costs in relation to the attack, given there was a threatened Network Security Event.
Payment: $7,500
