A $10M ransomware victim with no viable backups and no way to recover. Guess what happened next...

A construction company was the victim of a ransomware attack and the cybercriminals demanded $10M. Without viable backups, the organization had no way to recover and needed assistance.  

The policyholder immediately contacted their assigned Beazley Cyber Services Manager, who helped select expert privacy counsel and forensic experts to investigate and determine the scope of the incident.  

The digital forensics team determined that the cyber criminal did not acquire or access PII; privacy counsel concluded that there were no notification or regulatory reporting obligations as a result of the incident. 

Beazley arranged for the services of a ransom negotiation firm, who successfully negotiated the ransom down to $5M. Beazley organized payment for the policyholder and in return, the organization received a decryption key for recovery. 

Without access to project systems, the policyholder needed extra workers, resources and equipment to maintain on-site work.  

The insured submitted a $3M business interruption and data recovery proof of loss, which later included a further $1M due to additional project delays. The incident resulted in $9M in payments from Beazley to cover these expenses, inclusive of the $5M extortion payment.