Cyber Claims | Cyber Insurance | Brit Insurance

cyberattacks are increasing

Cyberattacks are increasing every year and they’re becoming more complex. That’s why we believe all organisations need to be prepared. Understanding how your insurance policy can help in the event of an attack and who to turn to for immediate support is critical.

What to do if you suspect a cyber breach

When you’re in the midst of a potential breach, it can be difficult to know what to do for the best and easy to make mistakes that can further compromise your organization. That’s where we come in.

The two most important things to do immediately are:

• Contact the Brit 24-hour breach response service
• Report the claim or potential claim in writing – please refer to your policy for the claims notification email address.

The most convenient way to do this is via our app. It’s quick and simple and saves time locating insurance documents.

What happens when a client calls the 24 hour breach response service?

breach response process

Independent cyber breach response services

Our team guides clients through the process and the range of skilled experts and services available to them, including forensic accountants, digital forensics, PR, and Breach Counsel.

Our Breach Counsel and digital forensics teams provide a completely independent view – working on behalf of, and in the best interests of the insured client.

A Client who instructs digital forensics themselves, without a breach counsel engaged, results in the instruction not being subject to legal privilege, and therefore the information is open to a third-party law firm.

Our breach response experts will work collaboratively with in-house IT teams but independence is crucial. Letting an external team handle things also mitigates the risk that an insider is involved in the attack. 

The objectivity offered by these services is vital to the client if it comes to litigation at a later stage.

Breach Counsel

Breach Counsel’s role is to protect the client and enjoy attorney-client privilege – to make sure our clients are protected and that our clients have the best advice at their fingertips.

A good way to describe Breach Counsel’s role is that they are the quarterback in your response team. They act as the linchpin for the entire breach response. They advise clients on their obligations under privacy laws in the relevant territories. They also coordinate specialist services most suited to the client, their industry, and the circumstances of the breach.

Importantly, they look over every aspect of the incident and make sure the client is protected from litigation – making sure the client doesn’t act in a way that could cause damage to them later. For example, third-party litigation firms may try to get information on the breach, or a major client of the insured may demand to know what’s happened.

Breach Counsel protects their client’s interests only. It means they can’t share any information with third parties. They are completely independent. Much of the information they have isn’t even shared with the Brit claims team, except notice of the potential claim and limited details of the circumstances.


Digital forensics

Often one of the first teams to get involved, especially in a live attack, they’ll try to see if there’s a way to restore your system from backup files. They are skilled at identifying the attack path taken by the threat actor and assessing whether they are a credible threat.


Ransom negotiators

ransom response process

We always bear in mind our and the insured’s obligations to ensure negotiations don’t proceed with a sanctioned organisation. In the US, your Counsel will also advise the relevant law enforcement bodies.

Crisis response teams

Crisis response services are set up in a similar way to call centers. They’ll contact individuals whose data has been compromised in a breach to explain why they’re being contacted and offer credit monitoring services to check if their data has been used.

What could cause a cyber breach?

Cybercrime is constantly evolving and data breaches can happen in a number of ways – here are some pointers to help you and your staff stay ahead of the threat actors or hackers.



Clicking on a link or opening a malicious attachment in a phishing email or SMS message (smishing) is one of the most common ways a data breach can happen. A phishing email or message is sent maliciously by a threat actor and usually contains a compelling reason to click or open a link or attachment.

Spearfishing is an adaption to this where individuals are more specifically targeted. The email looks like it’s genuinely from a friend or known contact of the recipient and will contain a link that will give that threat actor or hacker to your company’s network. Human resource and finance departments are also especially vulnerable to this type of attack.

Whaling is when specific individuals such as C-suite individuals and senior executives are identified and targeted because they have access to particularly sensitive information. The emails are highly personalised and crafted using appropriate business language in order to convince the recipient.

There’s also an offshoot of spearfishing known as “vishing” - or voice phishing - when someone impersonates someone else by phone to access confidential data. It’s usually done in conjunction with a spearfishing email to validate the request by providing a phone number to call.


The most common types of Cyber Attack

Once the hackers have access to your systems, they typically bide their time. They’ll silently sit in your network, take a look around and watch who you correspond most with and where they might insert themselves. In other words, they’ll work out how they can cause the most disruption to support their cause, or simply for maximum financial gain.

When they decide to act, they might spoof an email from a client to look like it’s legitimate and say that banking details need to be updated. This is called a social engineering loss.
While it’s essential to have adequate cover in place if your organization is subject to an attack, training your employees to recognize a phishing email is one of the best ways to prevent an attack. All our cyber insurance clients have free access to phishing simulations via DataSafe, our cyber risk management platform.

Ransomware – one of the most popular attacks

Using ransomware – malicious software or malware – is another common type of cyberattack, and it usually happens in one of two ways.

This is where the hacker accesses your system and deploys ransomware to encrypt everything. Then they demand payment in return for the decryption key. The second method is where hackers exfiltrate data from your system and hold it hostage externally, while threatening to release it to the public.


Physical breach – the old-fashioned way

Data breaches can also happen because of good ol’ fashioned physical theft. Stolen paperwork can contain the same sensitive information as stolen electronic data. If this happens, our claims team can arrange credit monitoring for the individuals affected and notify the State Regulators.


Property damage caused by a cyber attack

Our cyberattack Plus product is designed specifically for large manufacturing, utilities or transport companies. It combines two elements of cover; property damage and cyberattack.

An example of a cyber-attack claim in this case could be a paint manufacturer where a hacker alters the chemical composition of the product. This could have huge implications for product safety as well as reputation. The result is a halted production line and potentially a large amount of unusable stock.


Preparing for a cyber-attack (or forewarned is forearmed)

It’s easy to think that these things will never happen to you, but at Brit we frequently see the impact and disruption such attacks can have. We make sure we learn from these experiences to help our clients get ahead of potential issues. Sometimes, we can even stop an attack before it happens.

Cyberparalax 1

ransomware ’double hit’

One client suffered a ransomware ’double hit’ in the same attack. Hackers installed malware and encrypted their system so it couldn’t be used. In the meantime, they also took a copy of the data and uploaded it to an FTP site (File Transfer Protocol site). The hackers demanded payment for the decryption key and another payment to remove the copied data from the FTP site.

Cyberparalax 2

breach prevention

Another client found a website identical to their own with one small but significant difference – a slightly different homepage address. It was an early attempt to create a website that could harvest passwords and personal or financial data from unsuspecting clients. Our Breach Counsel – appointed via our 24-hour breach response team - was able to walk our client through the potential situations that could occur and help to get the website taken down. It meant that they were able to prevent a breach from happening.

Brit clients have access to the DataSafe risk management platform and a virtual CISO service to help them navigate the cyber threat landscape and put measures in place to help prevent an attack.