Consider the following loss scenarios based on actual claims and then ask yourself whether you have adequate insurance in place.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Employee Breaches Internal Governance

 

Cause of action: Negligence, Procedure Breach leading to Business Interruption

 

Coverage triggers: Business Interruption, Data Asset Loss, Recovery Costs, Incident Response Expenses

 

Type of organisation: Retail Store

 

Number of employees: 20

 

Annual revenue: $5 million

 

Description of event: An employee at a hardware store ignored internal policies and procedures and opened a seemingly innocuous file attached to an email. The next day the hardware store's stock order and cash registers started to malfunction and business trade was impaired as a result of the network failing.

 

Resolution: The hardware store incurred over $100,000 in forensic investigation and restoration services. They also had additional increased working costs of $20,000 and business income loss estimated at $50,000 from the impaired operations.

 

Total costs associated with the event: $170,000

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Laptop Stolen Results In Invasion Of Privacy

 

Cause of action: Negligence, stolen laptop leading to an Invasion of Privacy

 

Coverage triggers: Incident Response Expenses, Data Asset Loss, Privacy Liability, Business Interruption, Recovery Costs, Regulatory Fines, Potential Payment Card Loss

 

Type of organisation: Energy firm

 

Number of employees: 100

 

Annual revenue: $20 million

 

Description of event: An energy company executive's laptop was stolen from a corporate vehicle. The laptop contained significant private customer and employee information. Although the file was encrypted, the overall password protection on the laptop was weak and the PIN for accessing the encrypted information was compromised.

 

Resolution: After assessing the nature of the information on the laptop with a forensic expert and outside compliance counsel at a cost of $50,000, the energy company voluntarily notified relevant customers and employees and afforded call centre, monitoring, and restoration services, as appropriate. While the additional first-party cost was $100,000, the energy company also incurred $75,000 in expenses responding to a multi-state regulatory investigation. Ultimately, the company was fined $100,000 for deviating from its publicly stated privacy policy.

 

Total costs associated with the event: $325,000

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Data Theft Results In Extortion, Business Interruption And Extra Expense

 

Cause of action: Breach of Contract and Negligence

 

Coverage triggers: Cyber Extortion, Incident Response Expenses, Data Asset Loss, Privacy Liability, Business Interruption, Recovery Costs

 

Type of organisation: Solicitor

 

Number of employees: 55

 

Annual revenue: $20 million

 

Description of event: An unknown organisation hacked a law firm's network and may have gained access to sensitive client information, including a public company's acquisition target, another public company's prospective patent technology, the draft prospectus of a venture capital client, and a significant number of class-action lists containing plaintiffs' personally identifiable information (PII). A forensic technician hired by the law firm determined that malware had been planted in its network. Soon after, the firm received a call from the intruder seeking $10 million to not place the stolen information online.

 

Resolution: The law firm incurred $2 million in expenses associated with a forensic investigation, extortion-related negotiations, a ransom payment, notification, credit and identity monitoring, restoration services and independent counsel fees. It also sustained more than $600,000 in lost business income and extra expenses associated with the system shutdown.

 

Total costs associated with the event: $2.6 million

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Manufacturer Pays For Invasion of Privacy By Intermediary Firm

 

Cause of action: Intermediary stealing personal information leading to Negligence and Invasion of Privacy

 

Coverage triggers: Incident Response Expenses, Data Asset Loss, Privacy Liability

 

Type of organisation: Manufacturer

 

Number of employees: 50

 

Annual revenue: $10 million

 

Description of event: A manufacturer leased a copy machine over a two-year period. During that period, the company made copies of proprietary client information and its employees' personally identifiable information, including pension account numbers, driver's license numbers and other personal identifiers. After the lease expired, the manufacturer returned the machine to the leasing company through an intermediary company. Prior to making its way back to the leasing company, a rogue employee at the intermediary firm accessed the machine's data for nefarious purposes.

 

Resolution: The manufacturer incurred $75,000 in expenses in connection with a forensic investigation, notification, identity monitoring, restoration services and independent counsel fees. It also incurred approximately $100,000 in legal defense.

 

Total costs associated with the event: $175,000

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Employee Accesses HR Site, Sells Personal Information

 

Cause of action: Negligence and Invasion of Privacy

 

Coverage triggers: Incident Response Expenses and Data Asset Loss

 

Type of organisation: Professional Services Firm

 

Number of employees: 25

 

Annual revenue: $7.5 million

 

Description of event: A rogue employee accessed the human resource platform of a professional service provider. The employee acquired and sold social security information on the black market before being apprehended by law enforcement. Thereafter, several cases of identity theft were perpetrated against the professional service provider's employees.

 

Resolution: The professional service provider engaged a forensics investigator and outside compliance counsel. It also notified employees of the breach, established a call centre, and provided monitoring and restoration services to impacted employees.

 

Total costs associated with the event: $75,000

MAS APPROVED BROKERAGE SINCE 2004

62217861

100 Peck Seah Street PS100 #08-09, Singapore 079333

©2018 BY AETNA INSURANCE BROKERS.

This site was designed with the
.com
website builder. Create your website today.
Start Now