Cyber – PCI Fines

June 23, 2021

SME businesses face an onslaught of attacks from cyber criminals, which can lead to data breaches and investigations from regulators, resulting in potential loss of earnings and fines.

In this month’s Cyber Blog from MGAM, we look at how the MGAM Cyber Policy could provide support when you need it most.

What happened?

The Insured operates nationwide retail stores selling small furniture and fashion items. 

On Black Friday, the Insured discovered a card-skimming script on their server. 

This script had the capability to extract customers' card details as they were entered on the Insured’s website.

Where is this covered?

PCI Fines, Penalties and Assessments are an insured event under the Insuring Clauses of the MGAM Cyber policy.

Coverage intent

Where an investigation is brought against you alleging a breach of PCI standards, the policy will pay the costs associated with such an assessment as well as any resultant fines or penalties.

What was the outcome of the claim?

The Insured notified Insurers and, within a 2-Hour SLA, an Incident Manager arranged for IT, legal and PR support from our insurer partners' Breach Response panel.

The IT specialists performed a forensic analysis of the Insured’s systems to identify the most likely attack vector and recommended remediation steps.

Experienced lawyers advised the Insured on their notification requirements and liability in the event of any third-party claims for compensation.

The PR firm assisted the Insured with their responses to the media including press releases.

Payment card providers required that the Insured’s website remain offline until the PCI Investigator assessment was concluded. 

As a result, the Insured’s website was offline for both the Christmas period and January sales. 

Forensic Accountants were arranged by Insurers to assist the Insured in calculating the business interruption suffered over this period due to their website being offline, which may be indemnified under the Policy.

The total remediation costs in responding to the PCI assessment and the business interruption loss are estimated at GBP155,000.