AXA XL real-life cyber claims scenarios

AXA-XL-real-life-cyber-claims-scenarios

Authored by AXA XL

Cyber liabilities, and associated expenses, can devastate any business. A single cyber-attack in the US costs companies on average $8.19 million, according to the IBM 2019 Cost of Data Breach Report. Recent headlines have shown that there is no one industry or entity size that stands alone as an easy target for cyber criminals. Healthcare, manufacturers, media companies, retail operations, government agencies, and plenty of small businesses, among others, have all found themselves victims of cyberattacks. This past year, the cyber insurance market saw a significant increase in ransomware claims in both frequency and severity. Of these claims, there was a large increase on those in the manufacturing and chemical company sector as well as those attacks spreading to third party companies that had connected networks.

In 2019, we also saw our first eight figure ransom demand; and of our overall claims, social engineering and ransomware comprised more than over 60%.
Cyber claims do not always result from an attack by cyber criminals. The threat vectors are changing in terms of complexity and purpose. This results in a wide variety of claims triggering various coverages provided by AXA XL’s cyber insurance coverage.

Consider these scenarios, taken from AXA XL’s cyber claims files:

Financial services: Misdirected money
Total Payout: $225,000
Coverage Section: Data Breach Response and Crisis Management Coverage; Social Engineering Financial Fraud Endorsement

A financial services company was the victim of a social engineering event, which resulted in a fraudulent wire transfer of $200,000. Specifically, in June of 2018, the company transferred funds in connection with the closing of a property. The fund transfer was made pursuant to updated instructions that they allegedly received from their vendor. It was ultimately discovered that the wire transfer was fraudulent when the company was notified several months later by the intended recipient that they had not received the transfer. Coverage was triggered under the Data Breach Response and Crisis Management Insuring Agreement, as it was reasonably suspected that the company suffered an email compromise. The company retained privacy counsel and forensics to assist with investigating the incident.

Additionally, this incident triggered the Social Engineering Financial Fraud Endorsement. Approximately $225,000 was incurred in connection with these costs and the fraudulent transfer. It should be noted that this matter was also reported to the company’s Crime policy.


Hospitality: An inhospitable intrusion
Total Payout: $80M
Coverage Section: Data Breach Response and Crisis Management Coverage; Privacy and Cyber Security; PCI DSS Endorsement

This matter involves a credit card breach occurring at a hotel chain. Specifically, in September of 2016 and March of 2017 the hotel was notified by Visa of a potential credit card breach at the hotel. The hotel engaged a law firm who retained a forensics company to carry out a forensic investigation which identified a window of intrusion from March 2016 to October 2016, and November 2016 to April 2017, impacting approximately 315,000 credit cards. Total costs incurred were reflective of notification to affected individuals, defense costs and settlements and PCI fines and penalties.

Professional services firm: Taken for a ride by a temp
Total Payout: $350,000
Coverage Section: Data Breach Response and Crisis Management Coverage

A lawsuit was filed against our insured, who provides staffing services, arising from alleged damages sustained as a result of negligent work done by a temporary employee. Specifically, the company recommended a candidate to its customer to serve as their interim Chief Financial Officer. The client ultimately gave the temporary employee significant responsibilities and allowed her to overhaul their billing department and billing process. The client alleged that the employee was actually unqualified and caused approximately $1.75 million in damages, in part, because they failed to timely bill its customers resulting in the inability to collect money that was owed to them. Despite the demand, settlement was reached for $300,000 and additional costs incurred were reflective of defense costs.

Interested in reading more? Access additional claims scenarios from healthcare, tech/telecom, manufacturing, retail and other industries by downloading “Cyber claims: Real-life AXA XL claims scenarios” brochure.

To speak to some at AXA XL about Cyber insurance, CLICK HERE, leave a message and youTalk-insurance will pass your enquiry on.

 

CLICK HERE TO SIGN UP FOR OUR
FREE BI-WEEKLY NEWSLETTER

About AXA XL

AXA XL is the P&C and specialty risk division of AXA which provides property, casualty, professional and speciality products to industrial, commercial and professional firms, insurance companies and other enterprises, here in the UK and throughout the world. With underwriting teams based in the US, UK, EMEA and Asia Pacific regions, we can make decisions close to the markets you serve and work with you to tailor cover to your business needs.

We help businesses adapt and thrive amidst change. Rather than just paying covered claims when things go wrong, we go beyond protection into prevention so your business can go beyond the unexpected.

Latest video

AXA XL – Your global partner in risk

For mid-sized to multinational clients, AXA XL Insurance offers more than 30 lines of business across Property, Casualty and Specialty risk.From Risk Consulting to,... click here for more