- About PS&F
- Industry Focus
- Client Tools
- Education & Events
- Case Studies
September 15, 2009
A client’s computer system was ‘hacked’, by a group of unidentifiable individuals, illegally accessing their computer system to store data, which would be then used in other ‘hacking’ attacks.
As is common with hacking attacks, the usefulness of our client’s system diminished and the hackers disabled our clients’ entire computer infrastructure to remove any traceable information, causing multiple servers to shut down, disrupted their internet traffic and disabled their e-mail service.
During the days following the attack, the client’s Chief Financial Officer was with a Parker, Smith & Feek Account Executive discussing an unrelated insurance matter, when the hacking attack came up in conversation. The client had assumed that their insurance policies did not cover such an attack. The Account Executive engaged the Parker, Smith & Feek Claims Department to research if any coverage existed.
Our claims team located several clauses related to hacking within the client’s property policy including a clause relating to “Specific hacking events” that provided full coverage, and another clause relating to “random hacking events” that had a coverage sub-limit of $10,000. The policy also only covered “physical damage to tangible property”.
As the majority of the damage was related to software the insurance company argued that the software was not tangible property and that coverage was only available for the damaged hardware. The insure also believed that the attack was random in nature and not specific to the client.
The Parker, Smith & Feek claims team, working alongside the clients Information Technology staff and a team of computer forensic specialists, was able to prove that the attack was specifically targeted towards our client. In addition Parker, Smith & Feek was able to demonstrate that the software was indeed “damaged” and part of tangible property. After some tense negotiating, the insurance company reluctantly accepted Parker, Smith & Feeks’ coverage assessment. Shortly after this claim was made several insurance companies modified the language in their policies to remove any ambiguity between software and hardware.
Our client was able to recover over $1 million in costs associated with the hacking attack and the subsequent investigation.