Auckland law firm's devastating cyber attack

“Don’t hesitate in getting cyber insurance for one second,” is the straightforward advice from an Auckland law firm practice manager. “In the modern world we live and do business in now, it is essential. I would say to anyone not sure: for the cost of having it, you would easily recoup the outlay if someday everything went wrong.”

Late last year the law firm she works for was targeted by a ransomware attack. Thankfully, the company had a cyber insurance policy arranged by Crombie Lockwood. 

“Knowing that we could contact Crombie Lockwood and advise them what had happened was very reassuring.”

There was a real process to how we responded to the attack and what happened next. An IT professional came in and took control of the situation; we were so grateful for the help we got with thanks to the policy and advice from Crombie Lockwood.”

For the law firm it was the post-incident help they received that was invaluable. In addition to covering the company for the costs associated with the cyber incident, their cyber insurance policy crucially gave them immediate access to an experienced ‘breach coach’ that was able to quickly coordinate the right experts to assist.

“It’s a kind of Armageddon when networks are taken down and organisations just don’t know where to start in response,” - Claire Haszard, Financial & Professional Risks broker.

Ransom demand of $50,000 USD

The cyber attack devastated the law firm, encrypting files, locking emails, and demanding a cryptocurrency ransom of US$50,000 (approximately NZ$69,500) to release the data and unlock their system.

“It happened right before Christmas during a very busy time for us. We were in a state of absolute shock – we wouldn’t have thought in our wildest dreams international cyber criminals would target a suburban law firm. But we were wrong.”

While the law firm had a highly competent IT team, it didn’t have the forensic specialty to delve into the breach, understand the extent of what was compromised and negotiate what to do about the ransom payment.

“It’s a kind of Armageddon when networks are taken down and organisations just don’t know where to start in response,” says Claire Haszard, Crombie Lockwood Manager Northern Region, Financial & Professional Risks.

“These are totally destabilising events and many businesses these days hold sensitive customer data and have financial transactions being made all the time. Business owners need to know that this can happen to any business. Its complex too, every cyber attack is different, so it takes someone with experience to coordinate the right people to assist in approaching the problem.”

IT Specialists and other experts can be required to help diagnose extent of cyber attacks

The role of CyberSAFE in recovery 

Crombie Lockwood’s specialist cyber insurance policy CyberSAFE offers 24/7 access to professionals including lawyers, forensic experts, IT consultants and public relations professionals who can communicate with customers, the press and stakeholders who may have been affected by the breach. 

With CyberSAFE, the law firm’s breach coach mobilised a forensic IT team to sweep their premises that very same day.

The forensic team soon found decryption was impossible. Given there was no other option, the law firm decided to pay the ransom. The breach coach as well as an IT specialist conducted appropriate sanction checks, negotiated the ransom, and accessed the cryptocurrency required.

Ultimately, the compromised law firm’s claim costs were in excess of NZ$100,000.

“The costs to the business are so much more than that ransom,” adds Claire. “You might not have been able to trade, you might have had money stolen and you might be facing regulatory fines. This all adds up really fast. But CyberSAFE is a one-stop shop to help cover the potential costs and quickly access the necessary expertise when you need it.”

“Even if you are hacked through your third-party provider, it’s still your reputation on the line and your clients’ and, in some cases, your providers might not be contractually liable for a breach,” says Claire.

Lessons from a cyber attack

The law firm practice manager says the ransomware attack taught the business new ways of working, moving much of its data back to hard disk back-up rather than relying on third party cloud software.

“We are very careful about what permissions we give to third party IT operators, and we only allow access in limited blocks. The incident taught us a lot, but thanks to Crombie Lockwood we were up and running again promptly. Having cyber insurance in place was probably the best insurance decision the company has ever made, she says.