business cyber insurance

Cyber Event Protection solution

The Incident Response team promptly engaged trusted experts to help respond to the incident. Firstly, a Digital Forensics & Incident Response expert investigated and secured the environment, identified the incident’s root cause, and assisted with security recommendations. Legal counsel then advised on legal obligations, reviewed the compromised data, and facilitated notifications and reporting. Crisis Communications experts managed external communications to minimise damage to the reputation. Professional Identity support services aided affected individuals and redirected inquiries for a focused incident recovery. These costs are covered under our Cyber Event Protection policy as Section C Cyber Event Response Costs.

Cyber Event Protection solution

A phishing-related account compromise was identified, and legal costs were incurred obtaining advise on legal obligations including reporting the breach. Our Cyber Event Protection policy covered the legal costs, digital forensics and incident response costs under Section C Cyber Event Response Costs. The optional Criminal Financial Loss cover compensated the insured for direct financial losses from altered client payments. 

The Emergence Incident Response team guided the insured through the process, advising the implementation of a two-step payment approval process whenever changing existing payments details.

Cyber Event Protection solution

The Emergence Incident Response team promptly advised the insured to report the fraudulent transaction to the bank for potential recovery and recommended checking email systems for
compromise. Despite efforts, the funds remained unrecoverable. Under the optional Criminal Financial Loss cover, the insured was compensated for the socially engineered theft, as the electronic transfer led to a direct financial loss covered by the policy.

Cyber Event Protection solution

The Emergence Incident Response team took immediate action to engage a Digital Forensics expert to investigate and secure the insureds environment. The root cause of the incident was
identified, and security recommendations were provided. The digital forensics costs were covered under Section C Cyber Event Response Costs. The investigation revealed the compromise was limited to the reception mailbox and no medical data was impacted. The Emergence Incident Response team drafted communications to reassure clients their medical data was safe.

Cyber Event Protection solution

A number of experts were appointed to assist the insured, with those costs covered under Section C of the policy. Digital Forensics investigated the root cause and secured the IT system. Crisis Communications experts managed media attention and internal communications. Ransom Negotiators engaged with the threat actor, significantly lowering the ransom payment, and
ensuring compliance with sanctions checks. Emergence Incident Response team triaged and guided the experts to successfully restoring the practice’s IT system.

Cyber Event Protection solution

Forensics investigated the incident, discovering a third-party application in their Microsoft environment, which had the ability of copying the entire mailbox. Legal counsel was retained
to provide privacy advice, draft notifications to relevant government bodies and individuals and conduct an eDiscovery. The insured received support in issuing notifications along with IDCARE to support affected individuals.

Cyber Event Protection solution

Forensics experts were engaged to understand initial access, the extent of the incident, and actions performed by the threat actor. Legal counsel provided privacy advice and assisted with
communications with stakeholders. Ransom negotiators managed the communication with the threat actor. They were able to efficiently communicate and negotiate with the attacker, who
provided the decryptor for free and additionally, was no longer seeking ransom payment. All above costs were covered under the policy - Section C - Cyber Event Response Cost.

Cyber Event Protection solution

We engaged Digital Forensic investigators to investigate the extent of the compromise and actions taken by the threat actor. They determined 6 additional mailboxes had been compromised and 1 mailbox had been exfiltrated. Legal counsel were retained to conduct a review of the data in the mailbox, provide advice on privacy obligations, and draft notifications to affected individuals and the OAIC.

All above costs were covered under the policy Section C – Cyber Event Response Costs.

The insured has a number of entities across VIC & NSW involved in planning, architecture and interior design. A Russian ransomware group gained access to the insured’s IT, deleted the  backups and deployed ransomware on the insured’s network, encrypting all of their systems and data. They demanded a ransom payment of $USD350,000 in exchange for the decryption of data. The insured was unable to access any saved concepts, designs or documentation for work in progress, emails or their VPN. They were faced with the potential collapse of their business if they did not pay the ransom.

Cyber Event Protection solution

The IR team performed Triage of the Incident and engaged experts to assist, with those costs covered under Section C - Cyber Event Response Costs: 

Digital Forensics investigated and secured the environment, identified the incident's root cause, and assisted with security recommendations. Lawyers assisted with privacy act and reporting obligations and gave advice on legality of a ransom payment. Crisis communications experts managed communication with clients and stakeholders. A ransom negotiator conducted the negotiation with the threat actor, negotiating ransom demand down to USD$150,000. They also facilitated the payment of the ransom. Data securing and restoration costs incurred by Insured’s IT provider were also covered under Section C. The expertise of the experts we engaged, and subsequent data decryption to enable the Insured to continue operating. Section A – Losses to Your Business covered the significant business interruption loss suffered by the Insured. Over $900,000 of covered costs were paid under the policy.

A staff member of the insured was subject to a phishing attack, during which his email account credentials were harvested, allowing a threat actor to gain access. The threat actor sent emails to the Insured’s clients notifying of altered bank details and attaching invoices totaling over $290,000. One client was expecting these invoices and issued payment for them, resulting in these funds going to the threat actor’s bank account. When the threat actor attempted to request further payments that the client was not expecting they queried it with the Insured and the compromise was discovered. The Insured lost accounts receivable for $290,000 and the Insured’s client was unable to recover these funds via their bank. This hindered the construction process as it could not proceed whilst the matter was being investigated.

Cyber Event Protection solution

The Insured had already conducted significant investigations internally when lodging the claim. Our Incident Response team assisted in reviewing these investigations, discussing additional considerations such as privacy obligations. Expert assistance was not required as the compromise had been sufficiently remediated and no privacy obligations arose from the matter.

The accounts receivable were lost. The Cyber Theft optional cover under Section D – Criminal Financial Loss covered the insured for their loss of accounts receivable.