The Brisbane Lord Mayor, Graham Quirk, advised that Brisbane City Council had been scammed of $450,000 whereby fraudsters, posing as a Council supplier, contacted the council by phone and by legitimate looking e-mails advising the Council of a change in bank account details. As a result of this social engineering fraud, the Council suffered a loss of $450,000 (over nine payments) paid into the account nominated by the fraudster.
Cover for Social Engineering Fraud Loss is available up to $100,000 if selected when applying for cover.
In this event, the Council transferred money because a person purported to be a supplier, and that person fraudulently misrepresented a fact which the Council believed and relied upon.
As many as 500,000 Australian websites were rendered inaccessible after Melbourne IT, and subsidiaries, Netregistry and TPP Wholesale, fell victim to a large distributed denial of service (“DDoS”) attack which involved a network of thousands of compromised computers bombarding the servers with bogus requests. Reportedly, Melbourne IT informed customers approximately 6 hours after it began experiencing trouble. The DDoS interrupted the console, cPanel, cloud hosting and mail platforms. Melbourne IT said that the frequency of DDos attacks it mitigated in 2016 increased by 40% compared to 2015.
Business Interruption Loss.
This cover comes into play if a business is interrupted by a defined breach such as unauthorized access to the insured network resulting in a DoS attack suffered by the insured business (limited by the Business Recovery Period and subject to the Waiting Period) and costs have been incurred. Costs include:
Online takeaway company, Menulog, suffered a data breach which exposed the personal information of more than 1.1 million customers. Menulog faced criticism due to the delay in notifying affected customers of the breach.
When businesses face data breaches involving customers’ personal information, honest and upfront customer communication is key to maintaining credibility and reputation.
The covers that may come into play are:
The medical centre suffered a ransomware attack. Russian hackers encrypted thousands of patient health records and demanded a ransom to decrypt the sensitive personal information. The ransom was not paid and the centre lost up 2 years of data.
Every Cover within the Policy could come into play except the Social Engineering Fraud Option. For example:
The dating website suffered a breach when 25 gigabytes of data, including personal information, was stolen. It resulted in embarrassment for users and major reputational damage to the company. In July 2017, a class action involving users of the website was settled for $11.2 million.
When businesses face data breaches involving customers’ personal information, honest and upfront customer communication is key to maintaining credibility and reputation.
The applicable covers are:
Coverage under Edmund’s cyber policy would be limited by the policy Limit of Liability and Sub-Limits of Liability
Every business needs to consider cyber insurance and Edmund has designed a digital platform to allow you to quickly buy an Edmund cyber insurance policy.