Cyber Security

Ask yourself this: How will my current insurance respond in the event of a cyber security breach resulting in the loss of sensitive customer or employee data?

The information age allows us to collect and store more data and extract information around the globe 24/7. Access to sensitive information can significantly increase a company’s vulnerability to cyber security threats – any of which can result in significant out-of-pocket and reputational costs that can devastate the bottom line.

Is your company prepared for:

  • Identity theft resulting from lost or stolen financial information of customers, credit card numbers, tax file numbers, or other confidential information?
  • A cyber extortion threat?
  • An e-business interruption, resulting from a security failure or internet virus?
  • Costs related to a privacy breach notification of clients private details?

No business is immune

The targets of cyber attacks span a multitude of industries and cyber criminals don’t care where they steal private information from.

The perpetrator could live halfway around the globe. Organised cyber crime rings operate worldwide, 24/7.

Businesses have become more reliant on technology to operate, but it is people and our desire to trade that creates the exposures. Yesterday’s risks now manifest themselves very differently in today’s digitally connected world.

Existing insurance policies may be inadequate to respond to today’s digital exposures.

To find out more on how to limit your cyber exposure, and provide the necessary insurance protection for your business, contact us today. Call us on 1300 400 707 or email us at info@nwcinsurance.com.au

Loss Scenarios


Type of Organisation: Solicitor

Employees: 55
Annual Turnover: $20,000,000
Coverage Considerations: Threat, e-Business Interruption, Privacy Notification and Crisis Management.

Hackers obtained access to a law firm’s network and claimed to have access to sensitive client information, including a public company’s acquisition target, another company’s prospective patent technology, the draft prospectus of a venture capital client and a significant number of claimants’ personally identifiable information. The firm was contacted by the hacker group seeking $10,000,000 not to place the stolen information on-line.

Outcome: The law firm incurred $2,000,000 for forensic investigation, extortion related negotiations, a ransom payment, notifications, credit and identity monitoring, restoration services and independent lawyers’ fees. The firm also sustained $600,000 in lost business income and expenses associated with the system shutdown.


Type of Organisation: Hotel

Employees: 2,500
Annual Turnover: $250,000,000
Coverage Considerations: Privacy Notification and Crisis Management.

A former hotel executive gained unauthorised access to the hotel’s confidential database of names and credit/debit card information of 75,000 customers as well as personal information of 2,500 employees. The information was sold to an organised crime network.

Outcome: The hotel incurred more than $2,500,000 in expenses associated with the forensic investigation, notifying customers, credit and identify monitoring and restoration, public relations and regularly action defence costs. The hotel was also fined $2,500,000.


Type of Organisation: Professional Service

Employees: 20
Annual Turnover: $10M – $20M
Coverage Considerations: Crisis Management, e-Business Interruption and extra expense cover.

A staff member saved a word document (application form) to their personal mobile device and sent it to their word email for printing. The application was sent from a friend for entry to a competition. On opening the document at work, malware was released into the company’s network and commenced secretly encrypting files and directing weekly back up files to servers out of control of the company. A few weeks later the companies’ computer network received a ransom warning that “locked” all staff’s access to the network. There was an extortion demand posted on the screen stating that the company had to pay $5,000 into a specific bank account within 7 days to have its data unencrypted or else all data would be destroyed. The business was impacted immediately and could not access customer records or service business.

Outcome: The cyber attack resulted in a business interruption claim of over $100,000, many unhappy customers, and resulting brand damage as well as additional expenses that eroded the business working capital. Business was impacted for over 1 month.