An automobile manufacturer suffered a ransomware attack that encrypted the majority of systems and temporarily shut down production.
The policyholder immediately contacted their Beazley Cyber Services Manager, who helped select expert privacy counsel and forensic experts to investigate and determine the scope of the incident
The digital forensics team determined that the threat actor did not access or exfiltrate any personally identifiable information, and privacy counsel concluded that there were no notification or regulatory reporting obligations. Widespread encryption resulted in significant impact to business operations. Despite viable backup solutions, restoration was time-consuming. With depleted inventory and the inability to produce additional goods, the policyholder was unable to satisfy orders and suffered significant losses in income.
While the policyholder did not incur notification costs or pay the ransom demand, the complexity of the ransomware event was costly. Significant data recovery expenses and business interruption losses resulted in the policy paying the full limit.