As many organisations rely on outsourced IT service providers to host their networks, insurance that adequately protects a firm in the event of a malicious attack against the process outsourcer is vital.
In this month’s Cyber Blog from MGAM, we look at how the MGAM Cyber Policy could provide support when you need it most.
What happened?
The Insured is a medium sized accountancy firm who utilises a cloud-based accountancy database and software.
The cloud provider notified the Insured of suspicious login activity to their account. It was alleged that there was unauthorised access to the Insured’s database and potential data exfiltration of the name, address, date of birth and tax records of approximately 5,000 clients.
Where is this covered?
Dependent Business Interruption is an insured event under the Insuring Clauses of the MGAM Cyber policy.
Coverage intent
Where the operation of the network of an IT service provider or business process outsourcer that provides services to you is degraded or interrupted as the result of a cyber-attack, the policy will pay any resultant loss of income you suffer including expenses incurred to mitigate and investigate such a loss.
What was the outcome of the claim?
The Insured notified Insurers and an Incident Manager was appointed on a without prejudice basis to assist the Insured.
Within a 2-Hour SLA, they arranged for IT, and legal support from our insurer partners Breach Response panel.
A panel IT vendor was instructed by the Insured to complete a forensic IT investigation to identify whether the login was compromised via the Insured’s systems or if it may have been compromised on the cloud provider’s side.
Lawyers advised the Insured on their obligations in respect of the potential privacy breach.
Additionally, as a result of the incident, the Insured suffered a temporary drop in turnover whilst it could not prepare tax returns for customers. They were able to demonstrate this loss of business and a total indemnity of approximately GBP 110,000 for business interruption loss and remediation costs was given by Insurers.