Cyber Threat - Claim Stories
The hard realities of a cyber event.
We've included some examples below (courtesy of The Travelers Insurance Companies Inc) of a Cloud Hack, Online Ordering Shut Down, Phishing Email and Website Vulnerability. Contact us for more information on coverage available to protect yourself and your business.
Company Profile: Construction Company with offices nationwide
Cloud Hack: A national construction company used a third-party cloud service provider to store their customers’ personal information. The cloud provider suffered a major data breach, compromising the Personally Identifiable Information belonging to thousands of the construction company’s customers in several states. As the owner of the data, the construction company had a legal obligation to provide an adequate and timely notice. The Attorneys General in several states instigated a regulatory investigation against the Company to determine whether they responded appropriately to the breach in accordance with various state laws. As the construction company did not have a document retention procedure and stored far more data than was required, the Company was obligated to notify over 10,000 past and present customers that their company’s data had been compromised. In addition they had to pay defense costs associated with defending the regulatory investigation.
According to the NetDiligence® Data Breach Cost Calculator* the estimated costs for this event for the construction company could be:
An average event of this type could drive the average costs up to $1,860,000 for a business.
Risk Management Tips:
Know where confidential information is stored, whether internally or with a vendor.
Understand vendor’s network security controls and any contract language involving data liability.
Have a document retention procedure in place to only store information that is necessary.
A clothing and accessories manufacturer
Online Ordering Shutdown: A clothing and accessories manufacturer with an online ordering system that supports 50% of their revenue suffered a data breach. The FBI notified the company that a hacker they had arrested had the credit card numbers of 500,000 of the company’s customers in his possession. After hiring a forensic investigator it was determined that the cybercriminal had compromised the online shopping carts over a 6 month period of time. The hacker was able to steal names, addresses, credit card numbers, expiration dates, card security codes and email addresses.
The Payment Card Industry Agreement required the manufacturer to hire a certified forensic investigator to examine the Company’s systems and related infrastructure. The Company incurred significant costs as they had to notify the affected customers as required by state law and they offered one year of free credit monitoring. The Company hired a public relations firm to maintain customer confidence and limit reputational damage. The Company was also subject to regulatory fines and penalties.
According to the NetDiligence® Data Breach Cost Calculator* the estimated costs for the manufacturer could be:
An average event of this type could costs up to $2,426,000 for a business.