By Vincent Naples | Senior Account Manager | Risk Strategies
As the cyber landscape grows more volatile, it is important that show organizers and their firms secure themselves against a variety of cyber risks such as:
- Ransomware attacks and extortion demands.
- Loss of business income.
- Loss due to phishing and attempts to “dupe you out of money.”
- Loss of private data belonging to exhibitors, contractors and employees.
IAEE has teamed with preferred partner Risk Strategies on its new Cyber Asset Protection Insurance program that provides coverage for cyber incident expenses such as the cost for breach response, legal counsel and even public relations. Below are real-world case studies of how purchasing a cyber liability program saved others from costly events.
Ransomware
A Risk Strategies insured client unfortunately sustained a ransomware event in which 35 physical servers, 70-80 virtual machines and 250+ workstations were infected with malware. All of its services, including email, were halted due to the breach.
Once appointed, cyber lawyers and “breach coaches” performed forensic investigations into how the incident occurred and began negotiating with the bad actor. Originally, the bad actor demanded a more than $4 million ransom to return control over the client’s network and system. This ransom was negotiated down to $3.5 million. In turn, the client was provided a decryption key and received a promise that all stolen and copied data would be deleted. Forensics determined that over 500 individuals’ PII (personally identifiable information) was accessed, and credit monitoring was sent to those affected.
In total, insurers paid out more than $3.5 million to the client to become operable again. These costs included more than $150,000 for breach response coverages (attorneys, forensic IT and notification), more than $3 million for the ransom payment, and more than $50,000 for the business interruption incurred.
The cyber policy successfully guided the insured through the process of dealing with the incident and indemnified them for their loss.
Cyber Crime
Another Risk Strategies client sustained a major loss when a large transfer of funds landed in the incorrect bank account. A $1 million transfer was made to a bad actor due to a spoofed email with fraudulent payment information.
This specific bad actor gained access to the company’s emails and monitored its inboxes to gain insight into what types of transactions were being made. Once the individual grew familiar with the insured’s business operation, they set up a fake email account pretending to be one of the insured’s vendors. Once the payment was submitted and the insured realized that it was fraudulent, the insured alerted the bank and retained breach lawyers to guide them through the process.
Unfortunately, the bank was unable to recover the funds transferred to the bad actor. However, the client’s cyber policy responded to the incident. The client was reimbursed the policy limit of $250,000 for the fraudulent payment.
Be Prepared
Learn more by watching the Cyber Risk Management and Insurance: How to Protect and Manage Your Cyber Assets webinar here, which outlines ways to proactively defend against cyber threats and effectively mitigate potential damages. The webinar is free to IAEE members and available to non-members for $49.
About the Author
Vincent Naples is a Senior Account Manager within the Cyber Practice at Risk Strategies. As an expert in Cyber Liability, Tech E&O and Miscellaneous Professional Liability, Vincent provides strategy, advisory and placement services to his clients.
The views and opinions expressed by blog authors are those of the authors and do not necessarily reflect the official policy or position of the International Association of Exhibitions and Events®. Any content provided by our bloggers or authors are of their opinion. All content provided on this blog is for informational purposes only. IAEE makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. IAEE will not be liable for any errors or omissions in this information nor for the availability of this information.
