Cyber claims scenarios ripped from the headlines
The liabilities associated with cyber exposures can devastate any business. A single cyber-attack in the US costs companies on average $7.91 million, according to the 2018 Cost of a Breach survey conducted by the Ponemon Institute and IBM. In the 5th Annual Ponemon study, the most expensive data breach event included cost a company nearly $31 million to resolve while the least expensive total cost of data breach for a company included in the study was $750,000. Not to mention the potential reputation damage, loss of customer trust and more that can occur after a cyber event.
Recent headlines have shown that there is no one industry or entity size that stands alone as an easy target for cyber criminals. Manufacturers, media companies, retail operations, government agencies, and plenty of small businesses, among others, have all found themselves victims of cyberattacks. Cyber claims do not always result from an attack by cyber criminals. The threat vectors are changing in terms of complexity and purpose and result in a wide variety of claims trigger various coverages provided by AXA XL’s cyber insurance coverage.
Consider these scenarios, taken from AXA XL’s Cyber Claims files:
Financial Services: An act of embezzlement
Total Payout: $3.5M
Coverage Section: Professional Services
This matter involved a holding company with subsidiaries that provide a variety of financial services. Three of the Company’s subsidiaries provided services in connection with an investment fund. The fund was ultimately being run as a Ponzi Scheme and the fund manager stole over $20 million from the Fund, which resulted in approximately six claims. Three of the claims made against the three subsidiaries alleged “wrongful acts” in their “professional services” as defined by the policy. The allegations were generally that, if the Company had been doing its job properly, the fraud would have been detected sooner or would not have been possible, so they breached their agreements and failed to perform the services. The demand was in excess of $20M. Ultimately, a global settlement was reached for $3.5M.
Manufacturing: A pricey disagreement
Total Payout: $750,000
Coverage Section: Technology Products and Services
A lawsuit was filed against a technology manufacturer alleging negligence and breach of contract in connection with their procurement of technology products and services. The Plaintiff alleged that the manufacturer was contractually obligated to provide products and services through a certain time period. The manufacturer disagreed. The Plaintiff alleged that failure of the manufacturer to procure their products and services resulted in the Plaintiff losing business and defaulting on their contracts which incorporated the use of the insured manufacturer’s products and services. Due to the potential liability and exposure in this situation, early resolution was sought unsuccessfully. However, once the motion for summary judgment was filed, again early resolution was attempted and ultimately, after both expert reports presented their findings on damages, the matter was settled for $500,000 (total payout includes defense costs in this matter as well as settlement).
Media: Inside Job
Total Payout: $400,000
Coverage Section: Data Breach and Crisis Management Coverage
An online media company was contacted by the FBI informing them that a hacker used a former employee’s credentials to access their network and steal 1.7 million email addresses and passwords of users of the website. Coverage was provided under the Data Breach and Crisis Management Insuring Agreement. Legal, notification, and forensics costs incurred totaled $400,000.
Interested in seeing more? Access additional claims scenarios from healthcare, tech/telecom, manufacturing, retail and other industries here, download “Ripped from the headlines: cyber claims scenarios” brochure.