In late May 2023, one of our clients encountered a ransomware incident that rendered their website inaccessible. Subsequently, they received a file listing from a malicious third-party email address, claiming to have exfiltrated approximately 98,000 files from the client’s file server, unbeknownst to them prior to this correspondence.
Fortunately, they held a Cyber Liability Policy with Chubb Insurance and in adherence with their policy conditions and our prior discussions and consultations, the client promptly contacted the Chubb Incident Response Hotline and an Incident Response Manager was swiftly assigned to the event, to aid the client in the recovery process and navigate any legal obligations regarding incident reporting.
Upon reviewing the file listing, it became apparent that personally identifiable information (PII), including sensitive data like tax file numbers, passport scans, and driver’s license scans, was compromised. Recognizing the severity of the breach and their obligations under privacy regulations, the client was advised to notify affected individuals and the Office of the Australian Information Commissioner (OAIC). Chubb, the insurer, assisted in this process and also engaged legal counsel in the US and UK to ensure compliance with regulatory notifications in each respective jurisdiction.
A forensic investigation was then initiated to ascertain the initial access point exploited by the threat actor. Findings suggested that the assailant likely gained entry through the client’s VPN.
Fortunately, the client managed to obtain decryption keys with the assistance of Chubb’s appointed IT vendor, successfully decrypting the compromised data across impacted devices and servers. Consequently, they opted not to engage further with the threat actor and did not pay the ransom.
However, in June 2023, approximately six weeks after the initial incident, the threat actor, identified as Akira, hinted at publishing the client’s documents, including sensitive information, on a dark web leak site. Despite the looming threat, the client chose not to engage further with the threat actor.
Chubb’s IT vendor continued to monitor the dark web and Akira’s activities closely for any potential data publication. As of now, there have been no further developments reported.
It was almost three months before the clients systems were back up and fully operational – a significant interruption to their otherwise expected and forecasted turnover.
The financial impact of the cyber incident was thus substantial, as evidenced by the detailed breakdown of costs (note these are real figures taken exactly from the claim in question):
- Emergency Initial Incident Response: $39,993.67
- Incident Response and Triage: $80,000
- Privacy Advice – Australia: $25,000
- Privacy Advice – Europe: $6,000
- Regulator Reporting – Australia: $25,000
- Regulator Reporting – UK & Europe: $27,500
- Communications Assistance: $25,000
- Dark Web and Media Monitoring: $10,000
- Threat Intelligence Support: $19,463.80
Recovery Costs:
- Decryption Assistance: $23,650
- Forensic Investigation: $37,125
- Remediation – Migration of Client’s Data onto New Servers: $18,111.80
- Data Acquisition and File Listing: $5,950
- IT Assistance: $18,439.68
Total Incident Response and Recovery Costs: $361,233.95
In addition to the direct costs incurred during the incident response and recovery phase, there are also business interruption (BI) losses to consider:
Business Interruption Cost:
- Forensic Accounting Fees: $7,000
- BI Loss Payment to Client: $620,608.55
Meaning – the total claim paid by Chubb to our client exceeded their $1,000,000 Policy Limit. Fortunately they had the Policy they did, otherwise of course the above costs would have had the potential to significantly undermine their businesses livelihood.
Overall, both the financial impact and the complexity of the triage process, underscores the significant expenses and complicated ramifications of cyber incidents, including incident response, recovery efforts, regulatory compliance, and business interruption losses. It highlights the critical importance of cyber liability insurance in providing financial protection and support to businesses facing the repercussions of cyberattacks.
We trust that this comprehensive breakdown provides valuable insight into the tangible and growing challenges faced in the cyber landscape today. As cyber incidents become more prevalent and sophisticated, it’s essential for businesses to be prepared in the face of potential threats.
Don’t wait until a cyber incident occurs in your business — reach out to our team today to fortify your cyber resilience and protect your business against the ever-growing threat of cyberattacks.
