Cyber claims case study: Legacy system letdown
Most modern companies, even those who might not believe they have a significant cyber exposure, utilize their computer systems to perform certain business functions in one way or another.
Should those systems become unavailable or cease to function properly as a result of a cyber attack, it can have a detrimental impact on the business in question and result in substantial costs being incurred. Our latest case study tells the story of how an electrical contracting firm’s legacy system was adversely affected in the aftermath of a ransomware attack, resulting in sizable data re-creation costs.
The key takeaway points are:
- Dealing with a ransomware incident is rarely a simple matter of the ransom payment being made. In this case, even though the ransom payment was made and the system was successfully decrypted, the ransomware had the unintended side effect of severely impairing the functionality of one of the company’s most vital systems.
- The use of legacy systems can significantly increase the risk of a cyber loss. Generally speaking, legacy systems are not only far more vulnerable to attack, they are also much more susceptible to dysfunction following a cyber attack.
- The importance of having data re-creation cover is becoming increasingly apparent. Many cyber policies only provide cover for the cost to recover or restore data from back-ups, but not the costs to re-create or re-enter lost data from scratch. The bulk of the costs attached to this claim came from the labour costs associated with manually re-entering data, and brokers should be sure to check that their clients have this important cover in place.
- Almost all modern businesses have some form of cyber exposure. Even though the policyholder in this case was an electrical contracting business that didn’t solely rely on their computer systems to carry out work, they still had an office function that had a key role in the running of the business.