Cyber claims case study: Data recreation, not just data recovery

One word can be the difference in comprehensive cyber cover and a policy that falls short. In this case having a 'data recreation' rather than just 'data recovery' makes a big difference for an accountancy firm.

Cyber Case study 6 min Sat, Aug 24, 2024

One word can be the difference in comprehensive cyber cover and a policy that falls short. To show CFC’s ‘data recreation’ clause in action, providing vital support to an accountancy firm that would have been left to fend for itself with a policy that offered just ‘data recovery’.

Data is a critical business asset. Be it confidential records, complex designs, product orders, employee data or intellectual property, so much value now exists in the digital space that the last thing any business wants is for their data to be compromised. Which is why some cybercriminals make data theft, decryption and destruction their sole aim.

Here, cyber insurance can provide vital support. But the ‘data recovery’ offered by most policies often falls short of comprehensive cover, such as cases where data backups are destroyed. Instead, it’s important to go with a policy that offers ‘data recreation’; if data is deemed unrecoverable, the policy can help recreate that data from scratch, a task that would otherwise require significant resources and be very costly for a business.

It’s important to go with a policy that offers ‘data recreation’; if data is deemed unrecoverable, the policy can help recreate that data from scratch.

An accountancy firm found itself in this exact position, when a threat group managed to encrypt systems and steal data. Fortunately, this event triggered the firm’s comprehensive cyber policy with CFC.

How the data was lost

The threat group gained access to the accountancy firm’s network due to an unpatched vulnerability in the firm’s firewall. The cybercriminal had a high level of access, and capitalized on the opportunity to steal data and encrypt systems, effectively paralyzing the firm’s operations while taking away its digital assets.

Unfortunately, the firm’s data backups were kept on the live environment, so they too were encrypted and rendered unusable. This gave the firm no choice but to purchase the decryption key from the threat group. However, while the threat group did hand over the key as agreed and the firm managed to reboot its systems, the initial attack corrupted the firm’s data – rendering it useless.

For the firm, letting that data go was not an option. Invaluable client information was included in the lost files, which the firm needed to rebuild if it was to continue working with those clients going forward.

The impact of losing data

Recreating lost data costs time and money. The accountancy firm’s staff had to work overtime for weeks to rebuild client files from paper records and emails held on file. The costs amounted to more than $50,000, at a time when the firm also had the stress of repairing systems, preserving client relationships and coping with a shortfall in revenue; client engagements had to be refused and existing engagements reduced, due to limited access to client information and employees spending their time on recovering from the incident. That’s a major hurdle for any business to overcome.

After all this, you would expect your cyber insurance policy to step in. But if the firm’s policy offered only ‘data recovery’, they would have been left to rebuild that data and pay for the extra resource themselves. Thankfully, this firm had a CFC cyber policy.

Triggering the data recreation clause

CFC’s cyber insurance policy covers data recreation as standard, so the firm’s financial cover extended to include not only the cost of recovering the backups, but actually rebuilding data from scratch where data had been lost, corrupted or backups are unavailable.

The firm had purchased only a $1 million limit, but received cover for all costs due to CFC’s two separate limits.

The total costs to recover from the incident amounted to over $1.2 million. This included digital forensics to investigate the cause of the attack, the cost of data mining to determine what data had been accessed and whether notification was necessary, a ransom payment, significant business interruption loss, legal assistance, and of course data recreation costs.

The firm had purchased only a $1 million limit, but received cover for all costs due to CFC’s two separate limits: one for incident response costs, one for dealing with other costs including business resumption, business interruption and cybercrime costs.


Key takeaways

  1. The value of data recreation

    CFC covers recreating data from scratch where data has been lost or corrupted due to a cyber event. We don’t just pay for recovering data from backups. It’s crucial to look for this difference in wording in your cyber policy.

  2. How to store backups

    Keeping data backups on the live environment makes them susceptible to encryption or deletion by hackers.

  3. Two separate limits

    An incident response limit in addition to the policy limit helps to ensure complete coverage.

To learn more about data recreation, check out our supporting article or get in touch via cybermarketing@cfc.com.

 

Legal Disclaimer: These examples are intended for illustrative purposes only and not intended to address the circumstances of any particular insured. Each claim submitted to CFC by an insured is based on the terms and conditions of the coverage provided to that particular insured and the facts and circumstances relating to a particular claim.