The liabilities associated with cyber exposures can devastate any business. A single cyber-attack in the US costs companies on average $7.91 million, according to the 2018 Cost of a Breach survey conducted by the Ponemon Institute and IBM. In the 5th Annual Ponemon study, the most expensive data breach event included cost a company nearly $31 million to resolve while the least expensive total cost of data breach for a company included in the study was $750,000. Not to mention the potential reputation damage, loss of customer trust and more that can occur after a cyber event.
Recent headlines have shown that there is no one industry or entity size that stands alone as an easy target for cyber criminals. Manufacturers, media companies, retail operations, government agencies, and plenty of small businesses, among others, have all found themselves victims of cyberattacks. Cyber claims do not always result from an attack by cyber criminals. The threat vectors are changing in terms of complexity and purpose and result in a wide variety of claims trigger various coverages provided by AXA XL’s cyber insurance coverage.
Consider these scenarios, taken from AXA XL’s Cyber Claims files:
Financial Services: An act of embezzlement Total Payout: $3.5M Coverage Section: Professional Services
This matter involved a holding company with subsidiaries that provide a variety of financial services. Three of the Company’s subsidiaries provided services in connection with an investment fund. The fund was ultimately being run as a Ponzi Scheme and the fund manager stole over $20 million from the Fund, which resulted in approximately six claims. Three of the claims made against the three subsidiaries alleged “wrongful acts” in their “professional services” as defined by the policy. The allegations were generally that, if the Company had been doing its job properly, the fraud would have been detected sooner or would not have been possible, so they breached their agreements and failed to perform the services. The demand was in excess of $20M. Ultimately, a global settlement was reached for $3.5M.
Manufacturing: A pricey disagreement Total Payout: $750,000 Coverage Section: Technology Products and Services
A lawsuit was filed against a technology manufacturer alleging negligence and breach of contract in connection with their procurement of technology products and services. The Plaintiff alleged that the manufacturer was contractually obligated to provide products and services through a certain time period. The manufacturer disagreed. The Plaintiff alleged that failure of the manufacturer to procure their products and services resulted in the Plaintiff losing business and defaulting on their contracts which incorporated the use of the insured manufacturer’s products and services. Due to the potential liability and exposure in this situation, early resolution was sought unsuccessfully. However, once the motion for summary judgment was filed, again early resolution was attempted and ultimately, after both expert reports presented their findings on damages, the matter was settled for $500,000 (total payout includes defense costs in this matter as well as settlement).
Media: Inside Job Total Payout: $400,000 Coverage Section: Data Breach and Crisis Management Coverage
An online media company was contacted by the FBI informing them that a hacker used a former employee’s credentials to access their network and steal 1.7 million email addresses and passwords of users of the website. Coverage was provided under the Data Breach and Crisis Management Insuring Agreement. Legal, notification, and forensics costs incurred totaled $400,000.
When tech is the target: cyber risks for tech companies
May 22, 2019
In a world in which cyber attacks are increasing in frequency and severity, companies rely heavily on technology to secure their data and systems. But what if your company is a tech company? What are the risks if your business model is to create business applications, cloud services, or even cyber security
Cyber Prevention: Staying ahead of the phishers, vishers and smishers
March 18, 2019
It starts with a phone call, a click of a link, a request from the CFO, a customer locked out of an account or a vendor complaining about a missing payment.
These attempts are just a few of the many ways in which ransomware, phishing, and other cyber attacks are launched. Seemingly everyday activities
Cyber liability is fast becoming the last frontier of the insurance world.
Hackers and cyber thieves are growing in number and in the sophistication of their attacks. Attacks that do not require hackers to directly breach systems – fileless attacks – are ten times more likely