AXIS Cyber
Financial Institutions Case Study
THE CUSTOMER
An established lending operation that was increasingly moving to an online model. Consequently, it was ever more reliant upon its digital systems and was developing a progressive strategy for using artificial intelligence to improve its customer journey resulting in some rapid technology development.
THE INCIDENT
The customer was victim to a RYUK ransomware attack which encrypted their systems. The customer attempted to fix the problem with their own in-house IT team. However, when they brought the systems back online, the systems were encrypted. RYUK is difficult to eradicate from an infected system, and the customer’s in-house solutions had proven ineffective. The customer needed a solution to help avoid serious financial and reputation loss.
AXIS RESPONSE
Once AXIS was notified of the attack, the Incident Commander formed a panel of cyber experts to help the customer mitigate the situation. This panel included:
- A firm specializing in ransomware cases, to engage with the threat actors. Things became more complicated when it was discovered that one of the encrypted servers contained documents that could lead to a legal dispute if compromised. The ransomware specialist firm was able to recreate the documents from back-ups and hard copies
- Forensic accountants, to calculate the customer’s business interruption claim
- A local loss adjuster, to assist in formulating the customer’s claim
THE OUTCOME
The cyber experts were able to fully remove the RYUK ransomware from the customer’s system. AXIS also covered the remediation costs, which the customer used to pay for staff overtime and expenses needed to recreate their data.
"AXIS takes a consistent and thoughtful approach to underwriting risk. As this case illustrates, it was essential to build a close relationship with this customer to fully understand their broad risk profile."
Sarah Kennerley Open Market Cyber Co-Lead - Cyber and Technology
KEY CYBER COVERAGES TO CONSIDER
- Incident response costs
- Data recovery and restoration
- Income loss and additional expenses
PROTECTING CUSTOMERS' BUSINESSES
The AXIS Cyber team underwrites primary and excess cyber insurance globally.
It's a true partnership. To ensure customers can protect their businesses and respond to emerging cyber threats, we share the knowledge and resources from our expert team who are highly experienced in dealing with a myriad of cyber risks.
Claims examples may be based on actual cases, composites of actual cases or hypothetical claim scenarios and are provided for illustrative purposes only. Facts have been changed to protect the confidentiality of the parties. Whether or to what extent a particular loss is covered depends on the facts and circumstances of the loss, the terms and conditions of the policy as issued and applicable law.
This material is provided for informational purposes only and is not an offer to sell, or a solicitation to buy, any particular insurance product or service for a particular insured. It is intended for licensed insurance professionals. The services and service provider discussed in this document are suggested as risk mitigation and incident response resources. Use of AXIS Incident Commander does not constitute advice of any kind, and use of any service provider does not guarantee the performance or quality of the services provided, including the avoidance of loss, the fulfilment of any obligations under any contract or compliance with any law, rule or regulation. AXIS is not responsible for the effectiveness of a cyber risk management program and encourages each policyholder, together with advice from their professional insurance advisor, to perform its own independent evaluation of any service provider as part of its overall risk management strategy.
