A small shop in panic

Gold Trusted Service Award - Feefo 2020
Platinum - Trusted Service Award - Feefo 2021

A Cyber Insurance Shop & Retailer claim example

The following is a purely hypothetical example to give a practical demonstration of a common cyber-claim. Any similarity to real businesses, people, or events is purely coincidental.

A small business named His and Hers is operated by two sisters and located in Swansea. They sell a variety of men’s and women’s clothes out of their medium-sized brick and mortar store, located in a retail park. They also fulfil online orders through their own website which is hosted via a well known ecommerce platform.

The attack

A group of hackers is able to gain access to the store’s ecommerce systems via discovering exploits in their websites code. His and Hers website is amongst a dozen or so small businesses who each suffer a data breach as a result of the hack.

A treasure trove of confidential customer information is obtained and stolen including the names, email addresses, home addresses, and payment details of over 5,000 customers of His and Hers. The information is copied and found to have then been sold on for a premium.

The claim

His and Hers call their insurer, who immediately begins a forensic investigation into the source of the attack. They will do their best to trace the source of the breach, and ensure that the businesses online store can no longer be exploited.

The insurer then sets about informing customers of the breach. They will then set about seeing which customers have had unauthorised purchases made with their stolen details, informing the proper authorities and reimbursing valid claims.

The insurer will then inform cyber-professionals of as many details as possible about the virus so they can update their definitions and help prevent further attacks from similar viruses. It allows all businesses to become better protected against these attacks.

Ultimately His and Hers and its customers were greatly affected by the breach. The business incurred notification and credit monitoring costs, as well as a wide variety of legal expenses which would have cost the firm in excess of £200,000 in damages had they not been protected. The small retailer was also able to make use of the insurer’s cyber training academy and ongoing support to ensure their business remains protected.