Our Client’s Data was Taken Hostage

October 11, 2018

Posted in Business Insurance by

The day after Christmas, December 26, 2017, my son and I were at home watching a football game when I got an urgent text message from one of our ONI Risk Partners clients. She told me their computer system was encrypted and locked down with a warning to pay a huge fee or lose control of their data. It was a classic case of cyber ransom.

Our commercial insurance advisors caution our clients about this potential risk daily. There are three cyber attacks every minute, 4,000 every day, and approximately 1.5 million attacks annually, and growing. Any business that holds or processes some sort of personal, confidential information is at risk for cyber extortion like our client experienced.

“There are three cyber attacks every minute, 4,000 every day, and approximately 1.5 million attacks annually, and growing.”

Our client, we’ll call her Sarah, manages a small non-profit organization in Southern Indiana. We first met Sarah when she was looking for advice on her property insurance. The non-profit was insured by another insurance advisor at the time, but as we reviewed their overall coverage needs, we discovered that the organization did not have cyber liability coverage in place (unfortunately, we uncover this critical coverage gap on a regular basis). After reviewing our recommendations, Sarah decided to change advisors and move the business to ONI Risk Partners, including the cyber liability coverage that we had suggested.

Our new relationship was uneventful until that day after Christmas.  As soon as I received Sarah’s text, I immediately contacted the insurance company, and a forensic data specialist was assigned to the case.  He began investigating how and where the breach occurred and what data was potentially compromised. The FBI was also contacted and advised our client not to pay the cyber ransom. Within two days after the incident, their system was back up and running. But, we didn’t stop there because the client needed confirmation they weren’t open to another attack. Our next steps were to:

  • Assess the risk of another attack
  • Determine the probability of another breach
  • Act on recommendations to strengthen the system moving forward

This post-attack review took about three months from start to finish.

Costs for this attack totaled approximately $30,000 to investigate, mitigate and resolve.  Sarah’s organization pays approximately $1,000 per year for cyber liability coverage. Without this important coverage, they would have spent at least an additional $29,000 out of pocket. It is especially gratifying that our client avoided significant cost and potential financial hardship as a result of our coverage review and placement of the cyber coverage.

“Without this important coverage, they would have spent at least an additional $29,000 out of pocket.”

 

“I don’t know what we would have done without ONI’s quick response and having access to cyber claim specialists throughout the settlement process,” Sarah said later. “I’m so happy you were able to help us through this difficult and potentially costly situation.  My thanks to the ONI Risk Partners team!”

Brian Hancock, Commercial Insurance Risk Advisor

Brian Hancock
Commercial Insurance Risk Advisor
brian.hancock@onirisk.com
812.421.2554