A 2023 cyber event and its subsequent, ongoing operational and fiscal impacts provide a tangible, quantifiable example of the immediate and long-term realities a significant cyber event can have on an organisation.
In our view, the event also acts as a clear counterargument against those advocating for an outright ban for organisations having an option to pay ransoms.
The event equally demonstrates the importance of organisations ensuring their approach to cyber and technology risks is one focused on resilience and not purely prevention and/or defence.
A major British cultural institution is still facing the consequences of a cyber-attack it suffered back in October 2023 which left its online services inaccessible. It is claimed that 490,191 files, or 630GB of data, were stolen from the institution’s CRM database.
The attack was claimed by the Rhysida Ransomware Group, which gave the institution just a week to pay £600,000 (roughly AUD $1.14 million). Otherwise, it said it would sell the data, which included passports and employment documents, to a third party.
Understand the lessons, learnings and ongoing impacts
Download the report to understand:
The ongoing impacts, both fiscally and operationally
Where organisations go wrong
Examples of longer-term costs
No Personal Identifiable Information (PII) loss does not mean no costs
The Australian experience
Relevance of a resilient-focused strategy
Directors’ & Officers’ risk considerations
Where cyber insurance fits in
Click the download button (located on the right for desktop users and at the bottom for mobile users) to access the report.
For further information, please contact:
Mark Luckin, National Manager, Cyber & Technology, Lockton Australia
E: Mark.Luckin@lockton.com (opens a new window)
Carlo Ramadoro, Global Cyber & Technology, Lockton UK
E: Carlo.Ramadoro@lockton.com (opens a new window)
The contents of this publication are provided for general information only. Lockton arranges the insurance and is not the insurer. While the content contributors have taken reasonable care in compiling the information presented, we do not warrant that the information is correct. It is not intended to be interpreted as advice on which you should rely and may not necessarily be suitable for you. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content in this publication.