2. Common Misconceptions About Cyber Insurance
“My company is not exposed to cyber attacks”
“We outsource so I have no risk”
“Cyber attacks are only a problem for big companies”
“Cyber Insurance is too expensive, I have no budget”
3. Chubb’s Global Cyber Practice
4. Too small to fail?
6. Chubb’s Three Year Average Cost of First Party Expenses following a cyber event
Legal Costs Forensics Notification/Call
Credit Monitoring PR/Crisis Response
63% of Chubb’s reported
incidents are less than 100
7. Chubb’s Exposure
Statistics by Triggers
Over the Last
Human Error, 24%
Privacy Violations, 19%
Lost/Stolen Devices, 15%
8. “I’ve got nothing they want”
Source: Symantec 2019
▪ Fake ID, Driver's License, Passport: $25 to $5,000
▪ Hacked email accounts: $1 to $15
▪ Scans of Real Passports: $1 to $35
▪ Custom Malware (e.g. banking trojans): $5 to $200
▪ Cash redirector service: $5 to 1% of value
▪ Stolen Cloud Accounts: $2 to $12
▪ Ransomware toolkit: $0 - $250
10. Cyber Enterprise Risk Management
Case Study 1: Ransomware attack
With the servers down, the Insured
was unable to fulfil their clients’ orders.
Business interruption loss was estimated
to cost over $250,000 a day. The hacker
demanded a ransom to decrypt each
server, with the ransom amount
increasing if payment was not made
within 2 days.
The Insured is a
in the advertising
industry, with an
annual revenue of
Day of Incident
During the weekend,
a malicious file infected the
company's servers and all files
including artwork, historic and
current project data were affected.
The Insured reported
the incident, and
spoke to the Incident
on the same day.
An IT forensics firm
11. Chubb's Incident Response
Team assisted the Insured with
a mitigation strategy by
identifying less business-critical
servers that could be restored
from backups, and negotiating
the ransom amount to release
10 Days from Incident
100% of operations restored.
The IT forensics firm provided an
incident report to the Insured,
with recommendations to
improve cyber security and
prevent future incidents.
Legal advisors assisted
the Insured with the
filing of a formal
criminal complaint as
well as other regulatory
3 Days from Incident
The response team removed the
ransomware from the affected servers,
allowing the company to operate at
70% of typical capacity. The response
team also engaged a crisis management
firm to assist with client communications.
12. This cyber incident was reported through Chubb's 24/7/365 Cyber Alert mobile application,
and the following stakeholders were activated to provide a holistic response to the Insured's
Legal and Regulatory
Incident Response Manager
Case Study 2: Ransomware Attack, infected local drives
Description of Event
A construction company that outsourced its IT operations suffered a
ransomware attack because an employee clicked a malicious email
link, causing the company’s customer and project data to be encrypted.
The ransomware infected local hard drives and data that was backed
up online. Without access to the digital records, the company could not
operate its business as usual. Due to the failed attempts to negotiate
with the extortionist, additional costs were incurred to re-construct
and re-enter customer project records. This resulted in significant
downtime and major loss incurred to the business.
Coverage Triggers: Ransomware, Incident Response Expenses,
Data Asset Loss, Business Interruption
Case Study 3: Laptop Stolen Results In Invasion of Privacy
Description of event:
An energy company executive’s laptop was stolen from a corporate vehicle. The laptop
contained significant private customer and employee information. Although the file was
encrypted, the overall password protection on the laptop was weak and the PIN for accessing
the encrypted information was compromised.
After assessing the nature of the information on the laptop with a forensic expert and outside
compliance counsel at a cost of $50,000, the energy company voluntarily notified relevant
customers and employees and afforded call centre, monitoring, and restoration services, as
appropriate. While the additional first-party cost was $100,000, the energy company also
incurred $75,000 in expenses responding to a multi-state regulatory investigation. Ultimately,
Coverage triggers: Incident Response Expenses, Data Asset Loss, Privacy Liability,
Business Interruption, Recovery Costs, Regulatory investigation, Potential Payment Card Loss
15. Case Study 4: Unauthorised Access - Employee Accesses HR Site, Sells
Description of event:
A rogue employee accessed the human resource platform of a
professional service provider. The employee acquired and sold social
security information on the black market before being apprehended
by law enforcement. Thereafter, several cases of identity theft were
perpetrated against the professional service provider’s employees.
The professional service provider engaged a forensics investigator and
outside compliance counsel. It also notified employees of the breach,
established a call centre, and provided monitoring and restoration
services to impacted employees.
16. Client Profile
US$150k - US$200k
Case Study 5: Human Error
November 25, 2020
• The Insured outsources its data hosting to a third party company.
• One evening, before heading home, an engineer at the hosting location
turned off the Insured’s firewall by accident.
• The firewall remained turned off for a little over 12 hours, causing a
number of servers to malfunction, which led to discovery of the error.
• The Insured’s broker notified Chubb directly.
• The Insured provided a project brief outlining the work that had to be
done (including forced shutdown to isolate the potential areas of
damage, installation and migration to a new host and determining the
extent of any malware attack)
• They sought Chubb’s assistance with identifying a suitable vendor and
agreement to the brief/budget
17. Response & Coverage
and advised next steps.
Following a sweep, it
was found that no
malware had been
Focus was on restoring
the data lost due to the
which data was
restored mainly via the
Insured chose to use
their own legal vendor
to assist with
of the incident to the
Policy responded to
• Incident Response
• Data & System
18. Chubb’s Cyber Incident Response Platform
Call our Hotline 24/7/365
Clients report a cyber event using any of the following methods
19. Insurance Coverage
There are first-party and third-party covers
Data and System Recovery **
Increased cost of work and other costs
to recover data, repair or restore software,
identify and remove malware, and to
recover business operations.
> Triggered by Business Interruption Incident.
Business Interruption **
Covers loss of net profit and continuing
operating and payroll expenses.
> Triggered by Business Interruption Incident.
Covers a cyber extortion payment and
the cost to hire a crisis negotiation
> Triggered by Cyber Extortion.
Privacy & Network Security Liability **
Defence and damages for claims arising from:
• Duty to maintain confidentiality of personal
or corporate information
• Duty to maintain a secure network for
Media Liability **
Defence and damages for
claims arising from improper
online media activity.
Costs to mitigate any cyber incident:
• Incident Response Manager
• IT Forensics
• Legal Advice
• Fraud Restoration
• Call Centre
• Public Relations
20. To be insured, or not?
59% do not
62% have never
or after an incident.
The role of Insurance
having a hands-on
would value the
ability to identify and
minimise the impact
of a cyber incident.