Thank you for your interest in CyberEdge®. Below, you will find helpful information on how we can best serve you and your clients, including details on our risk appetite and claims scenarios.
Tangible (physical) Losses:
Up to $100 million
Targeted Classes/Industries/ Geographies
All, including, but not limited to the following industries: Retail, Healthcare, Higher Education, Financial Institutions, Manufacturers, Technology, Law Firms, Energy Companies
Risk Consulting Services
Preferred Vendor Services
Ransomware: An insured’s computer server was maliciously attacked by a virus that encrypted their data and demanded a $5,000 ransom to un-encrypt. The insured reported the matter to the FBI and local authorities. The insured did not pay the ransom on the advice of the FBI; rather AIG worked with the insured to engage an expert to perform a forensic analysis of their system. The forensic expert was able to determine that the impacted server did not contain any confidential information but rather the company’s warehouse inventory information. The forensic expert was able to remove the virus and strengthen the insured’s data security protections. AIG reimbursed the insured more than $45,000 for forensic costs incurred.
An insured hospital was notified of a potential HIPAA breach involving protected health information (PHI) of over 40,000 patients. AIG quickly engaged with the insured to retain breach counsel and a forensic investigator. Based on the ensuing investigation, we coordinated with the insured and breach counsel on the selection and retention of vendors to handle the required notification to regulators and patients, offered patients access to identify monitoring protection, and established a call center to handle inquiries and registration for the identity monitoring protection. AIG reimbursed the insured $450,000 for Credit Monitoring and ID Theft Insurance, $175,000 in notification and call center costs, $25,000 in forensic costs, and $90,000 in legal costs. The policy also covered $500,000 in regulatory fines assessed on the insured.
Hackers accessed the insured’s system through a targeted spear-phishing attack. The hackers placed ransomware on the system - which, once activated, encrypted all the data on the insured’s system. Seven servers and hundreds of PCs were affected. The hackers demanded 12 Bitcoin for the encryption keys. The insured engaged with AIG’s cyber claims specialists to coordinate the retention of breach privacy counsel and a forensics firm to respond to the event. AIG and breach counsel coordinated efforts with law enforcement. The insured and the forensics firm were unable to unencrypt the insured’s data and, after consultation with AIG and law enforcement, the insured made the decision to pay the ransom. We facilitated the retention of vendors to procure the necessary Bitcoin for payment of the ransom. Once paid, the insured received the necessary encryption keys. The system was then gradually brought back online over the course of several days. Ultimately the insured’s business system was offline for 2.5 business days. AIG reimbursed the insured $4,500 for the ransom, $2,500 in Bitcoin procurement expenses and payment, $950,000 in forensic investigation and remediation, $65,000 in legal costs, and $32,000 in public relations costs. In addition, AIG reimbursed the insured $1.1 million for its lost income and $850,000 for additional expenses associated with the outage.