LET’S PLAY BALL
THE FACTS
A U.S. sporting equipment retailer’s online ordering
system was hacked after an employee downloaded nonapproved software onto their computer system. The
software contained malware that allowed the hacker to
gain access to confidential customer information. The
sports equipment retailer received notice of the breach
via a computer error message the hacker placed on
their network.RM1
The hacker demanded a $45,000 ransom. If received,
the hacker promised to return the customer
information and not publically reveal the weaknesses in
the retailer’s computer system.PB1
The insured contacted Control Risks, the crisis response
firm associated with their Kidnap, Ransom & Extortion
policy, for assistance in responding to the cyber
extortion demand and engaging a law firm and breach
response team.
THE RESULT
The crisis response firm determined the best approach
was to not respond to the ransom demand in order
to reduce the likelihood of future recurrences. The
firm recommended that the retailers work to fix
the vulnerabilities in their computer system, notify
customers of the breach and create a customer
response center to handle questions and concerns. The
retailer’s Kidnap, Ransom & Extortion policy provided
coverage in response to the incident including:
•• $25,000 in crisis response fees from Control Risks
•• $25,000 in forensic analysis
•• $125,000 in business interruption costs for efforts to
counter and mitigate the cyber extortion demand PB2
•• $100,000 in attorney’s fees
RISK FACTOR #1
Access to computer systems that result in cyber extortion demands is often
gained through unsuspecting employees using social engineering, phishing, or a
Trojan horse software.
POLICY BENEFIT #1
The Schinnerer Kidnap, Ransom & Extortion policy includes coverage for
extortion threats with an associated ransom demand, including extortion
threats of a computer attack against the insured or to reveal confidential or
proprietary information of the insured.
POLICY BENEFIT #2
The Schinnerer Kidnap, Ransom & Extortion policy includes coverage for
business interruption as a result of a kidnap, detention, hijack, extortion, cyber
extortion, product extortion or contingent extortion attributable to the insured’s
efforts to counter or mitigate the effect of such incidents.
Visit www.schinnerer.com/kidnap for more information or contact a Kidnap, Ransom & Extortion underwriter at
[email protected]
Victor O. Schinnerer & Co., Inc. | Two Wisconsin Circle | Chevy Chase, MD 20815
Phone: 301-961-9800 | Fax: 301-951-5444 | [email protected]
Any examples in this article are for illustrative purposes only and any similarity to actual individuals, entities, places or situations is unintentional
and purely coincidental. This material is not intended to establish any standards of care or to serve as legal advice appropriate for any particular
factual situations. This information is for illustrative purposes only and is not a contract. It is intended to provide a general overview of the policy described.
Nothing contained herein should be construed as an acknowledgement by Schinnerer that a given situation may be covered under a particular policy.
© 2016 Victor O. Schinnerer & Company, Inc. | In CA, dba Schinnerer Insurance Services | CA Ins. Lic. # 0156109