Manage your business 18 June 2021

Commercial Cyber Insurance case study

A Commercial Cyber Insurance policy is a vital link in your data security chain. This case study is an example of how a cyberattack might typically play out and how the policy can help to save the day.

Cybercrime is growing at an alarming rate. According to a global study by Resilient and the Ponemon Institute (2019), 63% of small- and medium-sized businesses experienced a data breach in 2019, with average costs of $1.24 million in compromised data or systems and $1.9 million in business disruption over a 12-month period.

A Commercial Cyber Insurance policy will provide your business with a safety net in the event of a cyberattack, with technical and legal support to keep the damage and disruption caused by a security breach to a minimum.

To give you an idea of how these events may play out, we’ve put together a typical scenario of a malware cyberattack commonly faced by businesses around the world.

A typical attack

Consider a fairly large company with offices in all major cities across South Africa. The company’s IT infrastructure is complex enough to require a large IT department to maintain in-house servers and support several thousand staff members’ laptops. The COVID-19 pandemic forced the majority of their employees to work from home, connecting their laptops to their home internet connections.

Thanks to regular security audits, security is tight with all staff required to complete security awareness training and use a secure virtual private network (VPN) to access company resources.

One day, a senior accountant in the company receives an email, apparently from the CEO. The email explains that an emergency payment has to be made to a third-party supplier, and the threatening tone makes it clear that the author will not tolerate any delays. The accountant quickly opens the attachment and makes the required payment.

Unfortunately, the email was a phishing attack, a forgery sent by scammers who had found the accountant’s LinkedIn page and from there had used Google and the business press to find the CEO’s name and the names of some of the company’s suppliers. But worse, the attachment containing the scammer’s bank details was also infected with malware, which activated the moment he opened the file.

To make matters worse, an error in the VPN configuration had prevented the accountant’s antivirus software from updating itself. It was outdated and could not recognise or intercept the malware. The malware immediately got to work, seeking out all Word, Excel and PDF files and encrypting them. Since our victim was connected to the company VPN and had network permissions allowing him full access to all financial records, the malware was able to encrypt those records as well.

Some time later, when he tried to open an expense report, he was surprised to find that it would not open. When he contacted IT for help, they found a file stored on his computer, placed by the malware’s authors. The file explained that all data had been strongly encrypted and was unrecoverable. The file further explained that if a ransom was paid into a specified Bitcoin wallet within 2 weeks, the attackers would provide the necessary decryption key and tools to recover the data. It also threatened to delete the decryption key permanently if he did not cooperate fully.

How the company recovered

The IT manager immediately logged on to the Commercial Cyber Insurance website to report the incident and submit a claim. A team of incident response specialists arrived on site within the timeframe specified by the cyber insurance policy and began isolating infected machines from the rest of the network and analysing the situation.

The incident response team’s first priority was to restore the business to normal operations. Fortunately, the company’s IT department had a rigorous policy about performing and fully testing backups and knew they would be able to restore the majority of their data in less than a day. Unfortunately, the victim’s senior position meant that many of the files he kept on his laptop were critical to certain active projects and were not part of the regular backup sequence. Management considered the situation and found that the cost to the business of losing those files was greater than the ransom demanded. They decided to pay the ransom and hope that the criminals would provide the decryption keys.

Once the incident response team had removed all traces of malware from the accountant’s laptop, they contacted the scammers using the contact details provided in the ransom note. They indicated their willingness to pay but complained about the size of the ransom. As negotiations proceeded, they recorded and analysed all conversations, attempting to identify which organisation was responsible for the attack.

Eventually, a compromise was reached; the ransom was paid by the insurer, and the decryption keys were received. The data was unlocked, and the incident response team reported its findings to law enforcement.

Many different businesses face these attacks every day. The attacks are often launched by professional crime syndicates who carry out their extortion with practised expertise, making it hard for most businesses to maintain the upper hand.

How can you get support against cybercrime?

Commercial Cyber Insurance not only covers the costs and damages from a privacy breach or a network security breach, but you also get technical assistance from a professional incident response team. If you would like to know more, visit sbinsure.standardbank.co.za and request your free quote today.

References

Ponemon Institute. 2019. ‘Exclusive Research Report: 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses’. Available [Online]: https://start.keeper.io/2019-ponemon-report. Accessed: 9 June 2021.

Terms and conditions apply.

Standard Bank Insurance Brokers (Pty) Ltd (Reg. No. 1978/002640/07) is an authorised Financial Services Provider (FSP 224) and part of the Standard Bank Group. The Commercial Cyber Insurance product is underwritten by The Hollard Insurance Company Limited (Reg No. 1952/003004/06), a Licensed Non-Life Insurer and an authorised Financial Services Provider.