Quote and Buy

Edmund Insurance
  • Home
  • About Edmund
    • About Edmund
    • How Edmund Protects Your Business
    • Who Edmund Protects
  • Security Professionals
  • Resources & Insights
    • Resources & Insights
    • Cyber Breach Examples
    • FAQ
  • Emergency Response
  • Contact
  • Quote and Buy

Cyber Breach Examples

Cyber threats are a daily reality and you’ve no doubt heard of some high profile breaches

Based on what we know, here’s how Edmund’s cyber policy would have responded
linkedin
Brisbane City Council, August 2016

The Brisbane Lord Mayor, Graham Quirk, advised that Brisbane City Council had been scammed of $450,000 whereby fraudsters, posing as a Council supplier, contacted the council by phone and by legitimate looking e-mails advising the Council of a change in bank account details. As a result of this social engineering fraud, the Council suffered a loss of $450,000 (over nine payments) paid into the account nominated by the fraudster.

See the Edmund Answer
linkedin
Brisbane City Council, August 2016

Cover for Social Engineering Fraud Loss is available up to $100,000 if selected when applying for cover.
In this event, the Council transferred money because a person purported to be a supplier, and that person fraudulently misrepresented a fact which the Council believed and relied upon.

The Edmund Answer
linkedin
Melbourne IT, April 2017

As many as 500,000 Australian websites were rendered inaccessible after Melbourne IT, and subsidiaries, Netregistry and TPP Wholesale, fell victim to a large distributed denial of service (“DDoS”) attack which involved a network of thousands of compromised computers bombarding the servers with bogus requests. Reportedly, Melbourne IT informed customers approximately 6 hours after it began experiencing trouble.  The DDoS interrupted the console, cPanel, cloud hosting and mail platforms.  Melbourne IT said that the frequency of DDos attacks it mitigated in 2016 increased by 40% compared to 2015.

See the Edmund Answer
linkedin
Melbourne IT, April 2017

Business Interruption Loss.

This cover comes into play if a business is interrupted by a defined breach such as unauthorized access to the insured network resulting in a DoS attack suffered by the insured business (limited by the Business Recovery Period and subject to the Waiting Period) and costs have been incurred.  Costs include:

  • Costs to avoid or mitigate the effects of the interruption;
  • Additional expenses to continue normal operations; and
  • A reduced financial position calculated as set out in the policy.
The Edmund Answer
linkedin
Menulog, 2016

Online takeaway company, Menulog, suffered a data breach which exposed the personal information of more than 1.1 million customers.  Menulog faced criticism due to the delay in notifying affected customers of the breach.

See the Edmund Answer
linkedin
Menulog, 2016

When businesses face data breaches involving customers’ personal information, honest and upfront customer communication is key to maintaining credibility and reputation.

The covers that may come into play are:

  • Third Party Liability – If the business was sued by a customer (third party) for loss of data i.e. the customer’s personal information. If the business breached the privacy laws it may be fined or penalised by a regulatory body.
  • Event Recovery Costs – Data was exposed: costs to restore data; computer forensic services; costs to notify persons of any privacy breach including postage and call centre costs; public relations and crisis management services; and monitoring credit card usage and the reissuing of credit cards.
The Edmund Answer
linkedin
The Miami Medical Centre – Gold Coast, 2012

The medical centre suffered a ransomware attack. Russian hackers encrypted thousands of patient health records and demanded a ransom to decrypt the sensitive personal information. The ransom was not paid and the centre lost up 2 years of data.

See the Edmund Answer
linkedin
The Miami Medical Centre – Gold Coast, 2012

Every Cover within the Policy could come into play except the Social Engineering Fraud Option.  For example:

  • Third Party Liability – If the centre was sued by a patient (third party) for loss of data i.e. the patient’s sensitive personal information.  If the centre breached the privacy laws it may be fined or penalised by a regulatory body.
  • Defence Costs – Applying to the above liability.
  • Event Recovery Costs – Data was lost: costs to restore data; computer forensic services; costs to notify persons of any privacy breach; public relations and crisis management services; fees charged by the Edmund Emergency Response Unit.
  • Business Interruption Loss – If the centre had the business interrupted by the cyber attack and could prove a loss (limited by the Business Recovery Period and subject to the Waiting Period) and costs were incurred, this cover would respond.  Costs include:
    • Costs to avoid or mitigate the effects of the interruption;
    • Additional expenses to continue normal operations; and
    • A reduced financial position calculated as set out in the policy.
  • Threat of Extortion Response Costs – The centre was subjected to a credible extortion threat to harm access to, or use of, the centre’s network, software or data, including personal and commercial information.  Therefore this cover would respond.
  • Emergency and Expert Response Costs – The centre could incur Event Recovery Costs without Edmund’s prior written consent provided those costs were incurred by the engagement of Edmund’s Emergency Response Unit.
The Edmund Answer
linkedin
Ashley Madison, 2015

The dating website suffered a breach when 25 gigabytes of data, including personal information, was stolen. It resulted in embarrassment for users and major reputational damage to the company. In July 2017, a class action involving users of the website was settled for $11.2 million.

See the Edmund Answer
linkedin
Ashley Madison, 2015

When businesses face data breaches involving customers’ personal information, honest and upfront customer communication is key to maintaining credibility and reputation. 

The applicable covers are:

  • Third Party Liability and Defence Costs – The class action arose from loss of data – in this instance, the customers’ personal information. 
  • Event Recovery Costs – Data was stolen: costs to restore data; computer forensic services; costs to notify persons of the privacy breach including postage and call centre; public relations and crisis management services; and monitoring credit card usage and the reissuing of credit cards.
  • Business Interruption Loss – If the business was interrupted by the breach and could prove a loss (limited by the Business Recovery Period and subject to the Waiting Period) and costs were incurred, this cover would respond.  Costs include: 
    • Costs to avoid or mitigate the effects of the interruption;
    • Additional expenses to continue normal operations; and
    • A reduced financial position calculated as set out in the policy.

Coverage under Edmund’s cyber policy would be limited by the policy Limit of Liability and Sub-Limits of Liability

The Edmund Answer
linkedin
Don’t wait for your business to be on this list

Every business needs to consider cyber insurance and Edmund has designed a digital platform to allow you to quickly buy an Edmund cyber insurance policy.

See the Edmund Answer
linkedin
Don’t wait for your business to be on this list

We look after businesses just like yours

Get an Instant Quote

The Edmund Answer

We look after businesses just like yoursWe are dedicated to cyber insurance

Quote and Buy
How Edmund Protects Your Business

  • Home
  • About Edmund
  • Security Professionals
  • Resources & Insights
  • Emergency Response
  • Contact

KPMG International’s Trademarks are the sole property of KPMG International and their use here does not imply auditing by or endorsement of KPMG International or any of its member firms.

Edmund Insurance Pty Ltd (“Edmund”) ABN 65 619 424 958 acts under a binding authority agreement to bind cover and issue this policy. When doing so Edmund acts as an Agent for the Insurer and not for the Insured.

The Insurer is Munich Re Syndicate at Lloyd’s.

Edmund is a Corporate Authorised Representative (AR Number 1259810) of Bellrock Broking Pty Limited (“Bellrock”) ABN 68 122 809 830. Bellrock holds an Australian Financial Services Licence (AFSL Number 310545).

Edmund’s contact details:
Suite 21, 65 James Street Fortitude Valley QLD 4006 -- GPO Box 1426, BRISBANE QLD 4001
Phone: 1300 833 368 Email: Web: www.edmundinsurance.com.au

Edmund Insurance Pty Ltd, the Insurer, and Lloyd’s Australia Limited, proudly support the General Insurance Code of Practice (“Code”).  The purpose of the Code is to raise standards of practice and service in the general insurance industry.  A copy of the Code is available by contacting Edmund or from the Code’s dedicated website at www.codeofpractice.com.au.

Terms of Use | Privacy Policy | Complaints Policy

© 2019 Edmund

Edmund Insurance Pty Ltd, the Insurer, and Lloyd’s Australia Limited, proudly support the General Insurance Code of Practice (“Code”).  The purpose of the Code is to raise standards of practice and service in the general insurance industry.  A copy of the Code is available by contacting Edmund or from the Code’s dedicated website at www.codeofpractice.com.au.

Terms of Use | Privacy Policy | Complaints Policy

© 2019 Edmund

Prospectus registration

  • This field is for validation purposes and should be left unchanged.
Request a fitting
  • This field is for validation purposes and should be left unchanged.
Close
  • Home
  • About Edmund
    • About Edmund
    • How Edmund Protects Your Business
    • Who Edmund Protects
  • Security Professionals
  • Resources & Insights
    • Resources & Insights
    • Cyber Breach Examples
    • FAQ
  • Emergency Response
  • Contact
  • Quote and Buy