Retailer – Cyber Insurance Claim 2

Retailer

16 staff

$5M turnover

Payment: $7,500

Background

The Insured received an invoice, purportedly from a known supplier, requesting payment for an outstanding debt. The Insured transferred $27,000 in accordance with the email instructions. The next week the Insured discovered that the email was fraudulent and payment had been made to a hacker.

Outcome

As the Insured did not have the optional Social Engineering cover under their policy, they were unable to claim for the direct financial loss suffered as a result of making the fraudulent payment. The Insured was able to claim for remediation costs in relation to the attack, given there was a threatened Network Security Event.

Payment: $7,500

Accountant – Cyber Insurance Claim 2

Accountant

5 staff

$2M turnover

Payment: $90,000

Background

The Insured’s director noticed that some documents on their server had been deleted. Further investigations were undertaken and it was discovered a hacker had been accessing the Insured’s system for the past 2 months.

Outcome

The Insured notified the insurer who hired an IT Forensic Consultant to review the Insured’s systems. It was discovered 800 client files had been accessed which included private details such as driver’s licenses and passport numbers. A specialist firm was appointed to monitor whether any client identities were stolen or sold as well as a law firm to advise on the data breach issues and draft a notification letter to all affected parties. It was determined that the Insured had to report the incident to the Privacy Commissioner and the appropriate steps were taken to secure the information they held. Remediation costs were also covered to rectify any issues with the Insured’s system.

Payment: $90,000

Media – Cyber Insurance Claim 2

Media

12 staff

$3M turnover

Payment: $41,000

Background

A hacker impersonated a client of the Insured, using an identical email address. The hacker emailed the Insured advising that future payments should be made to a new bank account. When the Insured was due to pay the client, they paid $41,000 into the fraudulent account.

Outcome

The Insured claimed against their Cyber policy which triggered the optional Social Engineering cover. Indemnity was granted for the direct financial loss suffered by the Insured.

Payment: $41,000

Hotel Chain – Cyber Insurance Claim

Hotel Chain

10 staff

$1M turnover

Payment: $30,000

Background

The Insured hired a contractor to perform works on one of their properties. The Insured received an invoice for $13,000 from the contractor. The following week the Insured received an email claiming to be the contractor, stating that their bank details had changed and provided the new details. The Insured subsequently paid the $13,000 into the ‘new’ bank account. A few days later the contractor followed up the Insured for payment for their works at which time it was identified that their emails had been compromised and the Insured had paid a fraudulent account.

Outcome

The Insured made a claim on their Cyber Policy and after conducting investigations, indemnity was granted under the optional Social Engineering Fraud cover. The Insured was reimbursed for the direct financial loss suffered as a result of the fraud.

Payment: $30,000

Retailer – Cyber Insurance Claim

Retailer

16 staff

$5M turnover

Payment: $7,500

Background

The Insured received an invoice, purportedly from a known supplier, requesting payment for an outstanding debt. The Insured transferred $27,000 in accordance with the email instructions. The next week the Insured discovered that the email was fraudulent and payment had been made to a hacker.

Outcome

As the Insured did not have the optional Social Engineering cover under their policy, they were unable to claim for the direct financial loss suffered as a result of making the fraudulent payment. The Insured was able to claim for remediation costs in relation to the attack, given there was a threatened Network Security Event.

Payment: $7,500

Accountant – Cyber Insurance Claim

Accountant

5 staff

$2M turnover

Payment: $90,000

Background

The Insured’s director noticed that some documents on their server had been deleted. Further investigations were undertaken and it was discovered a hacker had been accessing the Insured’s system for the past 2 months.

Outcome

The Insured notified the insurer who hired an IT Forensic Consultant to review the Insured’s systems. It was discovered 800 client files had been accessed which included private details such as driver’s licenses and passport numbers. The insurer appointed a specialist firm to monitor whether any client identities were stolen or sold as well as a law firm to advise on the data breach issues and draft a notification letter to all affected parties. It was determined that the Insured had to report the incident to the Privacy Commissioner and the appropriate steps were taken to secure the information they held. Remediation costs were also covered to rectify any issues with the Insured’s system.

Payment: $90,000