Cyber – Privacy and Security

Privacy and security

June 9, 2021

Cyber-attacks are the fastest-growing threat to modern businesses, with billions of attempts by hackers every year. 

In this month’s Cyber Blog from MGAM, we look at how the MGAM Cyber Policy could provide support when you need it most.

What happened?

The Insured operates an on-line fashion website.  Their card payment provider notified them that their website was a common point for recent fraudulent transactions. 

Where is this covered?

Privacy and Security Breaches are insured events under the Insuring Clauses of the MGAM Cyber policy.

Coverage intent

Where a claim is brought against you alleging a data breach, security breach or privacy breach the policy will pay for the costs incurred in defending such a claim including any resultant damages you are required to pay.

What was the outcome of the claim?

A PCI Forensic Investigator was appointed and the matter notified to the Cyber Hotline. 

An Incident Manager was appointed on a without prejudice basis to assist the Insured.  The Incident Manager arranged for the Insured to appoint IT, legal and PR support from Insurers’ panel. 

IT specialists responded within a 2-hour SLA to perform an IT forensic analysis.  Meanwhile, solicitors advised on the Insured’s notification requirements.

IT investigators discovered a card-skimming script was on the Insured’s website.  This was introduced via a vulnerability in a third-party extension to the Magento platform, a popular e-commerce platform.  Following evidence of potential data extraction, lawyers assisted the Insured with notifying the UK Information Commissioners Office.

The potentially affected data subjects (nearly 400,000) were from over 100 different countries, therefore, the law firm utilised their global network to determine notification requirements of the various jurisdictions and notified the necessary regulators/data subjects in compliance with local laws.

In the meantime, legal and PR specialists handled the small number of demands for compensation.  Credit monitoring and ID theft protection was offered to complainants; with two escalating to small monetary settlements.

The Insured received approximately £125,000 in indemnity for the costs incurred with the panel experts and additional defence costs.