As part of its recently released analysis of 2018 cyber claims, NAS Insurance provided examples of real claims scenarios that the company faced last year.
The insurer’s 2019 Cyber Claims Digest painted a sometimes worrying picture of the state of cyber crime, with hackers and opportunists creating havoc in the online world. Getting educated, and studying some of the key themes from last year, is essential and will help insurance agents and their clients reduce and mitigate costly claims.
Here, Jeremy Barnett, senior vice president of marketing at NAS Insurance, outlines two specific claims that NAS encountered in 2018.
Ransomware claim – A six-figure ransom demand
The client is a global visual, audio and collaboration solutions company. The issues began when an employee of the company opened an email that introduced the “Ryuk” ransomware virus into the insured’s computer system. Servers in the USA and Canada were confirmed to be affected, with the possibility of servers in Australia, China and other countries also being affected. It is believed that up to 660 servers were affected internationally.
“NAS retained a global IT forensics firm to obtain a ransom demand, negotiate with the hackers and complete a forensic investigation,” Barnett says. “The original ransom demand was 130 bitcoins, or approximately $540,000; however, the IT forensics team was able to engage the hacker and negotiate a lower ransom of $425,000, which was covered by the Cyber Extortion insuring agreement in their NAS NetGuard Plus policy. Upon payment of the ransom, the forensics team was able to start decrypting the insured’s files.”
Cyber crime claim – Financial fraud
NAS’s insured, an investment advisory firm, received a routine email request to transfer $480,000 from someone purporting to be their client. An authorized employee at the advisory firm, presuming the request was legitimate, went ahead and processed the transfer. When the insured’s client was notified of the completed transaction, he immediately contacted the firm about the fraudulent transaction. It was determined that funds were sent to a cyber criminal.
“The insured had cybercrime limits of $1 million, subject to a $5,000 retention,” Barnett says. “The insured’s IT team conducted an investigation and confirmed that the email was a phishing email by a bad actor impersonating the insured’s client. Insurance did cover the costs of funds lost, outside of the $5,000 retention.”