A small business hit by ransomware attack – how Hiscox handled the claim


.
Authored by James Webster.
3 min read
Person looking at figures on their cellphone and laptop
When a small PR and marketing business was hit by a ransomware attack, we wasted no time putting systems and services in place to get our customer back up and running again, explains James Webster, Head of Specialty Claims at Hiscox.

Imagine you’re in the middle of an ordinary working day when you suddenly find that no one in your office can open any of the files on your system. Without warning, you’re locked out of your own business. That was the terrifying situation that confronted one of our clients, a busy regional PR and marketing consultancy.

What happened next?

"I rang our IT consultant straight away. When I described what had happened he suspected immediately that we’d suffered an attack. That was confirmed when I clicked on a new text file that had appeared in one of our folders, which turned out to be a ransom demand," says our customer. The firm had bought a cyber risks policy with us only a couple of months before.

"Our next call was to Hiscox. They told us what we should do first and put us in touch with Control Risks. They were brilliant: they have a team of specialists dealing with cyber attacks, who were able to tell us which ransomware virus was used and the best way of dealing with it. Our IT consultant really appreciated the support they gave him." 

Unfortunately we see this type of ransomware claim a lot. In fact last year it made up nearly 50% of all the cyber claims we dealt with.

Could they recover?

Although help was at hand, our customer was understandably worried about what fallout there might be from the attack.

"I was concerned that this could be potentially catastrophic for our business. Would we be able to recover all of our files and what disruption would it cause to our customers? As a PR and marketing consultancy, I was also very worried about our customers’ perception of us after this."

The consultancy, which works with a handful of accounts at a time, decided to tell them about its problems. "They were sympathetic but they were keen to know that their projects wouldn’t be too badly affected. We tried our hardest to mitigate any impact on them, although we were offline for a couple of days, which set us back a bit. But it could have been much worse."

Luckily, the company already had taken precautions in case of any IT problems. "We’re only a small company but we try to be resilient, so we back up all of our files every day onto micro-tapes stored away from our office. That meant our IT guy was able to rebuild all of our files from the backups after he’d wiped clean our server to get rid of the viruses."

Growing data risk

Data protection is becoming a much bigger issue for every UK business, particularly with the General Data Protection Regulation (GDPR), which now imposes tougher penalties on those that fail to keep safe their clients’ personal information.

Our customer, the PR and marketing consultancy now advises its own clients to make sure they have cover against a cyber attack. "Not every small business will think about their data security risk, but I think that, along with property, employers’ liability and public indemnity insurance, it’s one of the essential covers that every small business should have.

"Without insurance we would have had to pay our IT consultant’s bill ourselves, and, we wouldn’t have been able to rely on Control Risk’s support, which was invaluable. So, it was money well spent," our client concludes.


Find out more about our Hiscox cyber and data risks insurance.

Disclaimer:
At Hiscox, we want to help your small business thrive. Our blog has many articles you may find relevant and useful as your business grows. But these articles aren’t professional advice. So, to find out more on a subject we cover here, please seek professional assistance.

James Webster

James Webster is Head of Specialty Claims at Hiscox. He leads the Media, Cyber and Technology team which responds to cyber claims.