2 Cyber Security Breaches: Don’ T Wait Until “If” Turns Into “When”
Time of loss: April 2016
Insured: Post-secondary education institution
Location: Ontario, Canada
Description of event: The insured lost an unencrypted laptop
with 644 records containing sensitive student information. The
costs outlined below were incurred and paid out by their cyber
insurance policy.
Case Study - Aon Client Claim Example
In today’s digitally connected business world, cyber and technology risks are no longer considered emerging
exposures. The financial security risks and reputational damage associated with the technology revolution
have made it crucial for organizations to establish a data privacy and cyber risk management strategy.
Cyber-attacks, in the best-case scenario, highlight the
weaknesses of an organization’s IT infrastructure and predict
future vulnerabilities. In the worst-case scenario, a cyber-attack
will shut down all operations, displace stolen data into
dangerous hands, and inflict financial losses on both an
organization and its clients.
Every organization should consider the impact of cyber
exposures by asking itself the following questions:
• Beyond traditional IT solutions, how are we protecting ourselves
from cyber risk?
• Are we able to identify and quantify the damages arising from a
cyber-attack?
Security budgets today address only a portion of the cyber
vulnerabilities organizations face, and often leave gaps in their
ability to confront a data breach. A dedicated cyber insurance policy
can assist in transferring risk, offering your organization a degree of
comfort when operating in today’s ever evolving digital era.
Insurance pay-out details
Scope of work Cost
Initial legal counsel $4,381.89
Insurer preferred legal counsel $44,430.42
Credit monitoring services $74,749.50
Cyber forensic services $50,897.46
1.800 Helpline services $32,609.54
Notice via email $1,586.27
Notice via printing/mailing $1,022.64
Total $209,677.72
Other claims examples
• Malware infects a company’s servers and an email containing
a virus attachment is sent out to the network’s contact list.
The virus, when opened by recipients, destroys a number of
their operating systems.
• An employee loses a laptop containing sensitive HR data,
including employee SIN and financial account information.
• A hacker accesses a company’s third-party ecommerce
service provider’s database and compromises payment card
information.
• The privacy commissioner opens an investigation against a
company after hundreds of customers complain to the
commissioner about their confidential information being
handled improperly.