Austria
Belgium
Denmark
Estonia
Finland
France
Germany
Greece
Iceland
Ireland
Italy
Liechtenstein
Netherland
Norway
Poland
Portugal
Spain
Sweden
Switzerland
Turkey
United Kingdom
Australia
Hong Kong
New Zealand
India
Indonesia
Japan
Malaysia
Philippines
Singapore
Thailand
Brazil
Chile
Colombia
Mexico
Peru
USA
Bahrain
Israel
Morocco
Oman
Saudi Arabia
UAE
Tanzania
Case study: Supporting a manufacturer through a cyber crisis
Published
Read time
A publicly listed manufacturer that is headquartered in Singapore faced a ransomware attack that threatened to expose confidential corporate and customer data. The incident posed significant reputational and operational risks. To compound the crisis, their insurer’s initial interpretation of the policy terms - specifically the application of excess and co-insurance - threatened to reduce the indemnity payout by over S$30,000, potentially leaving the company exposed to substantial financial loss.
How Howden Helped
Cyber incidents can be really daunting for any company. As the manufacturer navigated the complexities of the ransomware attack, Howden supported them along the way with a hands-on, strategic approach.
Proactive incident engagement
Our Financial Lines experts immediately mobilised to support the client’s internal response team. Given the client’s listed status, we swiftly secured NDAs despite the insurer’s complex approval protocols; so that the claim could be confidentially and promptly notified without delay.
We worked closely with the company’s incident response manager to ensure that the insurer was kept fully informed of all developments in real time from the initial breach notification to forensic updates and containment efforts.
Keeping insurers continuously informed is crucial for several reasons:
- Preserves policy validity: Many cyber insurance policies include conditions requiring prompt notification and ongoing updates. Delays or gaps in communication can jeopardise coverage.
- Builds trust and transparency: Timely updates foster a collaborative relationship with the insurer, reducing the risk of disputes or suspicion during claims assessment.
- Enables faster claims processing: When insurers are kept in the loop, they can begin their internal assessment earlier, which often leads to quicker resolution and payout.
- Supports accurate interpretation of coverage: Real-time context helps insurers better understand the nature and scope of the incident, which can influence how policy terms- like excess and co-insurance are applied.
By managing this communication on the client’s behalf, we removed a significant burden during a high-pressure situation, allowing the company to focus fully on mitigating the cyber threat.
Multi-stakeholder coordination
A cyber crisis involves many different stakeholders at a very fast pace - from legal counsel to forensic investigators, and ransom negotiators to incident response managers.
Our Financial Lines experts played a central role in aligning communications and ensuring insurer requirements were met across all parties. This helped avoid delays and kept the claims process on track throughout the incident.
Expert claims advocacy
As the insurer began assessing the claim, our in-house claims experts identified discrepancies in the application of excess and co-insurance. We challenged the insurer’s initial interpretation, presenting a detailed analysis of the policy wording and the incident context. Through persistent and informed advocacy in multiple rounds of negotiation, we structured and presented documentation in line with insurer expectation, reducing disputes and ensuring a smoother claims assessment process.
Ultimately, our efforts secured a reassessment of the insurer’s deduction. As a result, the insurer not only increased their interim indemnity offer, but also acknowledged the validity of Howden’s interpretation of key policy wording, setting a positive precedent for future claims .
The results
Howden’s support in this cyber crisis directly enabled the company to recover a higher indemnity – the final payout was significantly higher than the initial offer.
As a result of our claims advocacy, the insurer acknowledged and corrected their erroneous application of excess and co-insurance, reversing a potential reduction in indemnity. The claim was settled at the full policy limit, helping the client maximise their coverage and mitigate the financial impact of the cyber attack.
This case highlights the vital role of a broker; not just in placing insurance, but in standing by clients when it matters most. At Howden, we go beyond transactional support to deliver strategic advocacy, ensuring our clients get the outcomes they deserve.
Find out more about our Cyber risk capabilities.
