Webinar Recap - Lessons Learned from the Field: Real Life Claims Stories

By Robert H. Rosenzweig, RPLU, National Cyber Risk Practice Leader

Webinar Recap - Lessons Learned from the Field: Real Life Claims Stories

With Robert Rosenzweig, Risk Strategies National Cyber Risk Practice Leader ; Richard Sheridan, Chief Claims Officer at Berkley Cyber Risk Solutions and Steve Krusko, Chief Underwriting Officer at Berkley Cyber Risk Solutions.

As cyber risk professionals, ransomware attacks don’t just represent numbers to us – they’re the real-life struggles that businesses we work with every day face. In our latest webinar we highlight three real-life examples of insurance claims that were filed after ransomware attacks to demonstrate where businesses are vulnerable and how to mitigate future risk.

What You Missed

Current Threat Landscape

Ransomware remains on the rise in both frequency and severity. There has been a 150% increase in incidents since 2018, 83% of which impact businesses that make under $300m in revenue. As we saw with several high-profile cases – SolarWinds, Blackbaud, and Microsoft Exchange – threat actors are able to infect scores of people and businesses by taking advantage of vulnerabilities in software and vendor systems, as well as through phishing scams and open ports in Remote Desktop Protocols. Third-party risk is becoming a top concern in the cyber market, as these vendor attacks can start a chain reaction of damage and claims for thousands of individual businesses.

Claims Scenarios

Case Study #1: Ransomware

A manufacturer/distributor is contacted by a threat actor and shown evidence that the actor has access to significant quantities of personally identifiable information from the insured’s server. They extort the manufacturer for 1.5 bitcoin (equal to approximately $95,000) in exchange for not publishing the information. The manufacturer responds by having a breach incident response firm investigate further and negotiate with the actor. Visa and Amex also contacted the manufacturer and indicated the likelihood of a credit card breach, and the manufacturer retained a PCI Forensic Investigator per their contractual agreement.

Lessons Learned: This manufacturer discovered weaknesses in both network security and from its employees as the incident unfolded. In order to prevent future breaches it needs to set up multifactor authentication (MFA); endpoint monitoring of its network to scan for malicious activity; employee training; network segmentation, to improve security and give administrators greater control. The total cost incurred from this incident was $150,000.

Case Study #2: Business Email Compromise

A trade association received a suspicious number of phone calls from members over the course of a few days asking to withdraw substantial funds. They all had access to personally identifiable information to confirm their transactions. A breach incident response firm was retained to coordinate an investigation and confirmed unauthorized access to multiple email accounts, giving the threat actors access to the personal information of 10,000 individuals. In accordance with state law, notification of the breach and credit monitoring for those impacted was required.

Lessons Learned: This claimant will be utilizing both MFA and a secondary verification for financial transactions, and they too will be implementing segmentation of their network in order to have more control over their data and the flow of traffic. The cost incurred was $129,000.

Case Study #3: Vendor Compromise

In response to an emergency bulletin posted by Microsoft, a consulting firm’s IT team discovered an indicator of compromise through their Exchange servers. A breach incident response team coordinated an investigation and discovered that there was a data exfiltration and personal identifiable information was impacted. The consulting firm proceeded with notification and credit monitoring in accordance with state law.

Lessons Learned: This firm discovered the hard way that vendor vulnerabilities can be your vulnerabilities. In future, they need to do regular patching for their servers and make sure that are including indemnity provisions and insurance requirements in vendor contracts. The total cost incurred was $100,000.

Mitigation with Supplemental Coverage

Prevention is the best medicine for a cyberattack. Our three claimants have instituted new security measures to prevent future data breaches, but all three still incurred hefty costs before the incidents were resolved. Supplemental coverage, such as that offered by Cyber Resolute, gives organizations the option to bolster their cybersecurity by giving policyholders access to proactive services to address some of the commonly exploited vulnerabilities outlined above.

Ransomware attacks will continue, but hopefully the frequency of claims can begin to decline as more individual businesses adopt some of these measures to assess their operations, identify their vulnerabilities, and address them before a threat actor can take advantage.

Watch the ‘Lessons Learned from the Field: Real Life Claims Stories’ webinar in full here (passcode: 7YRB$.9^)

You can download the slide deck from the webinar by clicking here

Become a Cyber Resolute policyholder and gain full access to the eRiskHub.

Want to be the first to hear about our next webinar?

Find Rob on LinkedIn here

Connect with the Risk Strategies Cyber Risk team at

Email Rob directly at