|Privacy protection against third party claims for loss of employee/personal/corporate information|
|Lost damaged or destroyed IT systems, IT records and ITdata|
|Business interruption caused by a cyber event that affects profits|
|Liability arising from hacker attack or virus|
|Protection against libel, slander or defamation|
|Liability arising from hacker attack or virus|
|Infringement of copyright, trademarks & trade names|
|Breach of statutory duty from eCommerce Business|
|Costs of negotiating, mediating due to an extortion attempt|
|Fines and penalties incurred due to a privacy breach as well cover for your defence and investigation costs|
In the event of a Cyber event, loss or claim contact the CGU CYBER INCIDENT RESPONSE TEAM on 1800 696 773 or email CGUcyberclaims@nortonrosefulbright.com
CGU Cyber Defence has a 24/7 incident response team ready to manage all cyber incidents and data breaches from initial notification through to resolution. Our team includes IT forensic investigators, lawyers, credit monitoring specialists, public relations consultants and call centre / mail house services.
A retailer emailed a group of customers to promote a sale with special discounts available to them. The retailer intended to attach a copy of the flyer detailing the discounts but instead attached a copy of a spreadsheet that contained a customer list, including customer names, addresses and credit card information. RESULT The retailer was required to notify all affected customers of the error and offered credit monitoring services. Several of the affected individuals began legal proceedings against the retailer. The notification and credit monitoring costs totalled $50,000, and the amount to settle the legal proceedings with the retailer’s customers combined with the associated legal costs and expenses totalled $100,000. CGU SOLUTION CGU Cyber Defence Insurance Policy provides coverage for breach of privacy which includes legal costs, indemnification of third parties and crisis management costs.
A transport company discovered its servers had been infiltrated by an unidentified third party, allowing the third party to access files. This included accessing personal identifiable information including credit card information. Unauthorised and fraudulent transactions were made on the transport company’s customers’ accounts in multiple states and countries. RESULT The transport company was required to notify all affected customers, their personal information had been compromised and offered affected individuals credit monitoring services. The transport company was also concerned about the possible reputational damage they could suffer, so a public relations expert was brought in to assist. • The breach resulted in costs and expenses of approximately $100,000 to identify the affected individuals, notify them, set up a call centre and respond to customer enquiries. • Another $150,000 was incurred in legal costs and expenses to determine reporting requirements and respond to regulatory investigations into the privacy breach. In addition $29,000 was spent on IT forensics costs incurred to restore the data and stop the breach, and a business income loss of $250,000 was also suffered – totalling $529,000. CGU SOLUTION CGU Cyber Defence provides coverage for all elements of the loss including customer notification costs, establishment of call centre for customer support, credit monitoring expenses, brand protection costs and business interruption loss.
A leading provider of Managed Services including IT platform hosting, infrastructure and support services to numerous customers, experienced a cyber attack where malicious software was implanted and ‘masking techniques’ were used on the company’s mainframe. As a result, the company’s customer data was stolen. RESULT It cost over $2,100,000 to resolve the issue including $1,200,000 incurred for data recovery and business interruption loss. CGU SOLUTION CGU Cyber Defence provides coverage for the cost of the data recovery and the loss of profits caused by the business interruption.
A company accountant of a local manufacturing firm received an email from her boss asking her to transfer $120,000 to a supplier abroad. Because this was a common type of request, she processed the payment before realising that the tone of the email wasn’t right and the domain name was a single letter off. Upon further investigation, it was found that cyber thieves had infiltrated their systems and grew knowledgeable enough about company dealings to send a convincing phishing email that lost the company thousands of dollars. RESULT The company lost the $120,000 and incurred costs to secure their IT system. CGU SOLUTION CGU Cyber Defence provides coverage for the loss of money caused by phishing scams and the costs to secure IT systems.
A hotel started a blog to convey information to customers and the public. The blog page contained a logo/image that was similar to a design that had been copyrighted by another entity. That entity sent a letter demanding the company remove the image. Negotiations between the parties failed and the other entity began legal proceedings against the hotel. RESULT The entity (plaintiff) demanded more than $5 million in damages. Defence costs and expenses incurred so far exceeds $1 million, and the case has not yet gone to trial, so it’s expected these costs will increase. CGU SOLUTION CGU Cyber Defence provides coverage for breach of copyright under the Multimedia Insuring Clause.
An IT company misplaced multiple drives that contained personal information for over one million customers. It was unknown whether the drives were lost, stolen or destroyed. The IT company was required to notify the affected individuals, as well as the privacy regulator. The regulator conducted an investigation into the incident and fined the company for failing to have appropriate safeguards in place to protect customer information. RESULT The company incurred legal fees of $1,000,000 in connection with the regulatory investigation and defending legal actions brought by affected customers and for the costs and expenses in notifying customers their personal information had been lost, stolen or destroyed. The company was also fined $75,000 by the privacy regulator. The total loss to the company exceeded $5,000,000. CGU SOLUTION This type of scenario triggers multiple Insuring Clauses under the CGU Cyber Defence policy including privacy fines and investigations.
A leading software provider breached its obligations to Australian customers when hackers broke into its systems in 2013 and made off with loosely encrypted passwords and credit card details. The Australian Privacy Commissioner investigated the issue and ruled the company failed to take ‘reasonable steps’ to protect the personal information of 1.7 million Australians to the level demanded by domestic privacy legislation. RESULT The company engaged the services of a public relations consultancy firm to limit the brand/reputation damage associated with the findings. CGU SOLUTION CGU Cyber Defence provides coverage for the costs associated with regulatory privacy investigations and costs to engage a public relations firm to protect the company brand.
A small accounting firm’s client records were locked by ransom software. The company was only able to get files released after paying a ransom of $50,000 to hackers. RESULT The firm contacted law enforcement and working with law enforcement, determined the payment should be made. • $150,000 was paid for business interruption loss, the ransom demand ($50,000) plus consultants costs to advise on handling and negotiating the ransom, and the costs to restore the network as the hackers refused to release the files despite the ransom payment. CGU SOLUTION CGU Cyber Defence provides coverage for the payment of extortion monies and costs involved in negotiating, mediating and crisis managing to end the security threat. CGU1920