Common Cyber Insurance Claims that Could Happen to Your Business
With some types of commercial insurance, claims aren’t all that common.
… Cyber insurance is not one of those. Unfortunately, cyber insurance claims happen more often than you expect.
We’ve seen it firsthand. At Berry Insurance, we offer cyber insurance from multiple carriers, so we’ve seen our fair share of cyber insurance claims.
To show you how cyber attacks can happen to your business (so you can take steps to prevent them), we’re outlining some realistic cyber insurance claim scenarios in this article. Some are even based on actual claims that our friends over at The Hanover Insurance Group passed on to us.
Ransomware attack
An increasingly popular type of cyber attack on small- and mid-sized companies, ransomware is when a cyber attacker takes over a company’s data and prevents them from accessing it, requesting ransom money in return for releasing it.
Here’s a scenario:
A manufacturing firm suffers a ransomware attack where its computers are taken over and data is encrypted. A $10,000 extortion demand is made to restore access to the data. If the ransom is not paid, the firm risks losing access to its proprietary design drawings.
The firm brings in a forensic information technology specialist who obtains proof that the data can and will be restored if the ransom is paid, and successfully negotiates the ransom down to $7,500.
The total cost of paying the ransom and the specialist is $35,000.
Data breach
Data breaches are another unfortunate scenario that happens to businesses often, simply because there are so many ways for them to happen! A data breach is the release of private or sensitive data, either intentionally or unintentionally. It can be caused by an external attacker, or even by an employee’s human error.
Here’s an example:
A professional service firm’s customer database is infiltrated by hackers and customer records are accessed and stolen. A consultant conducts a forensic analysis and determines that 60% of the 30,000 total database records have been breached. An attorney assesses the firm’s notification obligations under various state data breach notification laws. Notification letters are sent to the 18,000 impacted customers, offering them access to a helpline and identity monitoring solutions.
The total cost of the breach is close to $500,000.
Cyber theft
In some cyber attacks, the attacker can actually steal money from your company or employees through an act called cyber theft.
Here’s an example:
A cyber thief gains access to a contractor’s computer through a known vulnerability in the operating system. Using keylogger software, the criminal captures the keystrokes that are typed on the keyboard and can ‘see’ the contractor’s banking credentials.
The thief then uses these credentials to access the contractor’s accounts and transfers $50,000 to a new ‘payee’ that the attacker set up in the banking system.
Identity theft
Not only can hackers steal your money, they can also steal your identity. Identity theft is the act of using someone else's identifying information to commit some sort of crime.
Here’s an example:
A hacker infiltrates a small business’ data and steals social security numbers and other identifying information of the company’s employees. They then sell the information on the dark web, where it is resold to identity thieves.
The subsequent lawsuit defense and damages cost nearly $1 million.
Virus download
It may be one of the last things you expect, but an employee could also be behind a cyber attack. With so many malicious links and attachments floating around the world wide web, it certainly isn’t impossible for an employee to stumble across a link with a virus and cause some serious damage.
Here’s an example:
An employee unknowingly clicks a malicious link in an email, which downloads a virus onto the company’s network. The virus destroys data, and even spreads to a few clients’ networks.
Damages from the lost data and client lawsuit cost nearly $1 million.
Troubled employee
Remember how we just said an employee can be behind a cyber attack? Well, believe it or not, they could actually cause an attack on purpose.
Here’s an example:
A disgruntled employee steals client account information from company files, and publishes it online. The company notifies the clients, who sue the company.
Total damages cost over $500,000.
Physical theft
I know what you're thinking … if we’re talking about physical theft, aren’t we no longer talking about cyber attacks? Well, not in all cases. Sometimes, physical actions and cyber attacks can go hand in hand.
Here’s an example:
An employee stops at the grocery store on the way home from work, leaving their work laptop in their car. Somebody breaks in and steals the laptop, which contains private information about some clients. The company notifies the clients, and some of them sue the company for damages.
The settlement costs $300,000.
Keep in mind, this doesn’t just have to happen with technology. Paperwork could also be stolen from work locations, or even the trash, so be sure to be cautious with any sensitive information, digital or physical.
Social engineering
Social engineering is the act of manipulating someone into sharing confidential information or performing certain acts. This is often done online with an attacker pretending to be someone else.
Here’s an example:
Someone poses as the company CEO and sends an email to the human resources department requesting all employee W-2s, then falsely files them.
Costs from the fallout exceed $250,000.
Prepare for and prevent these common cyber attacks
Scared yet? We aren’t going to sugarcoat things. There really are a lot of ways cyber attackers could target your business and cause serious damage.
But you don’t just have to wait in fear for one of these situations to happen to you. There are things you can do to protect yourself and your company. For one, there’s cyber insurance. But there are also some other actions you can take today. Check out this article, “Ways You’re Making Your Business Vulnerable to Cyber Attacks,” to make sure you aren’t making any common cyber mistakes.