In collaboration with GM Consultant, we present a case study to help you understand how cyber insurance works. As a consulting firm, GM Consultant has developed specific expertise in cyber risks and cyber claims. Its managing director for the region, Timothee Grange, has offered to share some information about a cyber loss that hit an engineering consulting firm based in Hong Kong a few weeks ago.
1. What is cyber insurance?
Cyber insurance protects businesses from risks relating to information technology infrastructures. One section provides first-party coverage against losses such as data destruction, extortion, theft and hacking, whereas the other provides third-party coverage, indemnifying companies for losses caused to others following a data breach.
Once a cyber-attack has occurred, the key objective of the cyber insurance is to help the insured restart its activity as soon as possible. The insurance company will reimburse key expenses such as business interruption, forensics services, and data or software recovery fees.
2. Case study
A Hong Kong-based engineering consulting firm was the victim of a ransomware attack that used the Company’s Remote Desktop Protocol (RDP) as the vector to get into its network. As a result of the attack, all files were encrypted on both production and back-up servers. The Company took swift action by calling its Insurers’ hotline and got immediate support from pre-approved Incident Response Specialists: GM Consultant.
In the first stage, the GM Consultant team provided key mitigation measures to identify and contain the ransomware and secure data that had not yet been compromised. In the second stage, technical investigations were initiated to assess the vector used by the hackers and the scope of the attack (number of impacted machines, type of data, risk of personal/confidential data being disclosed…).
The Incident Response Team then considered several options to recover the data, including rebuilding data from scratch, decrypting Virtual Machine back-ups or initiating discussions with the hackers to acquire a decryption key.
In the end, the above steps, completed together with the cyber insurance company, led to a full recovery of the data within 3 weeks.
All incident response services, forensics investigations, data recovery and business interruption related costs (around 30,000 SGD) were covered by the Company’s Insurance Policy.
Beyond the costs involved, it is important to note that one of the added values of cyber insurance is access to immediate professional expertise. Without such insurance, the engineering firm would probably have lost several vital days before deciding which IT forensics specialists to appoint in this situation. As a consequence, the impact of the cyber-attack would have been considerably more damaging.
3. Why should small and medium-sized businesses buy cyber insurance?
In the same way that small and medium-sized businesses take out fire insurance to protect their physical assets, buying cyber insurance is essential, especially in this day and age when clients are more savvy about the need for cyber security.
First, cyber insurance offers protection for data, the IT network and the website. Second, cyber insurance is a great risk management tool. It includes several value-added services such as incident response planning, risk assessment, breach response services and training.
Looking for cyber insurance
If you would like to speak to a business insurance expert in order to understand how cyber insurance works, please don’t hesitate to send us an email with your contact details.