Email us

1300 62 80 80

Get A Quote

Not for Profit – Cyber Insurance Claim

Cyber, Not for Profit

Not for Profit

12 staff

$9.2M turnover

Background

The Insured engaged a third party supplier for assistance in marketing their organisation and gathering donors’ information; including names, emails and phone numbers. The Insured was advised that the third party supplier’s system was breached and data had been lost.

Outcome

The Insured notified DUAL who appointed a law firm to advise in relation to the Insured’s privacy legislation obligations. The Insured did not have to report the incident to the Privacy Commissioner based on individual circumstances and the IT data they had available to them. Payment was made in relation to the legal costs.

Payment: $5,900

Property Developer – Cyber Insurance Claim

Cyber, Real Estate

Property Developer

15 Staff

$19M turnover

Background

Following the sale of 2 properties, the Insured was required to make a payment of $400,000 to their property consultant. On the day the payment was due, the Insured received an email from the consultant advising their banking details had changed.

The Insured requested that this be sent to them in writing on the consultant’s letterhead which they received, including the signature of the director of the consultancy company. The Insured was later chased by the consultant for payment at which time it was discovered that the email and letter had been fraudulent. The Insured contacted their bank to stop the payment and were informed that the money had already been withdrawn and transferred overseas.

Outcome

The Insured made a claim on their Cyber policy which triggered the optional Social Engineering cover. DUAL appointed an IT forensic consultant who identified that the hacker had infiltrated the consultants system and intercepted correspondence between the Insured and the consultancy firm. The Insured was reimbursed for the outstanding funds (capped at the Social Engineering sub limit of $250,000).

Payment: $250,000

Hotel – Cyber Insurance Claim

Hotel – Cyber Insurance Claim

Cyber, Real Estate

CFC have kindly shared their latest cyber claim study called ‘Search Engine Set Back.

It tells a story how a hotel’s website was affected by malicious code stemming from a cryptojacking attack, resulting in lower search engine ranking results for the hotel’s website.

The key takeaways are as follows:

• The impact of a cyber event can last longer than we usually think. Many people assume that if your website or other computer systems get taken down or disrupted by a cyber event or system failure, then you only need to restore the affected systems in order to halt any potential business interruption loss. But this claim illustrates that even when a website has been restored to its full functionality, a return to normality is not guaranteed. In this case, the hotel was still seeing lower search rankings and reduced bookings even after the website was cleared of malware.

• The above point is important from a cyber insurance perspective because of the way indemnity periods vary from policy to policy. Some cyber policies will only reimburse policyholders for the financial losses incurred during the period that systems are down (in this case that would be the time during which the website was disrupted by the malicious code). Other policies will reimburse policyholders for the financial losses incurred while systems are down, plus an arbitrary number of days after computer systems are back up and running. And some policies, such as CFC’s, will continue to reimburse policyholders after systems have been restored to their normal functionality, up to the point where policyholders are back in the same financial position that they would have been in had the cyber event or system failure not occurred. This is a key distinction because a business can continue to be affected financially even after its systems have been restored, and any policy that doesn’t cover this could leave the business financially exposed.

• This claim also illustrates the increasing dependence that most modern businesses have on their digital assets, whether that be their electronic data, software programs or websites. In this case, although the hotel wasn’t completely reliant on its computer systems to operate, it did depend on its website for a substantial portion of its bookings. When that site was badly affected by malicious code, the website’s search engine ranking was impaired and the hotel saw fewer bookings as a result. With more and more businesses relying on their digital assets to generate revenue, having a cyber insurance policy in place can provide a valuable safety net in the event that these digital assets are damaged or become inaccessible.