Six-Figure Savings When Urged to Implement Cyber Security Strategies

The company was a second-generation privately-owned manufacturing and distribution company with three Divisions and a relatively sophisticated ERP system. One of the Divisions did 50%+ of its sales of cash and security handling products via their website to banks, credit unions, armored transport providers and individuals, so B2B and B2C. Shortly after joining, our Partner reviewed all insurance coverages which, among other items, revealed that there was no cybersecurity coverage in place. Cyber-attacks/data breaches were increasing rapidly, but the Board felt that they were not a likely target and did not see it as an essential risk management tool. However, they did agree to obtain quotes for such coverage.

One of our CFO partners obtained a variety of cyber insurance quotes through the company’s insurance brokers and presented them to the Board, who finally agreed to put in place a comprehensive policy with $1 million of coverage for an $8,000/year premium.

The above-noted policy was implemented. The following year the premium went up to $15,000/year for the same coverage, because of the increased frequency and wide variety of targeted hacks being experienced in the marketplace. After considerable discussion, the Board agreed to renew the policy given the increasing risk profile.

Almost two years to the day that the original policy was bound, the company experienced a serious data breach on the server of the third-party provider that hosted the company’s website. Customers' credit card details and other personal information were compromised across a significant number of States.

The cost of engaging specialist lawyers, forensic accountants, and other outside services to address the breach, as well as all the complex legal requirements in place across the various States, amounted to around $180,000. However, the company only paid the deductible of $20,000, with the “savings” of $160,000 only possible because of the persistence and persuasion of our Partner. Needless to say, the Board was very glad that it had agreed to take the coverage!