Internet and technology make it easier for businesses to develop and reach a larger range of their target market. The internet has truly become the backbone of business in the 21st century and is almost impossible to ignore. Although, as technology develops, so do cyber risks such as AI cyber-attacks.
Cyber-attacks are getting more innovative and very common in the business world, from phishing emails, ransomware attacks and now deepfake AI cyber-attacks.
Artificial intelligence(AI) is now programmed in almost all devices, with functions like advancing camera quality, face recognition and virtual assistants. Unfortunately, as AI software develops, so does the use of AI in cyber-attacks. AI cyber-attacks is a new cyber risk that is almost undetectable; they can study the target and ruin a business.
This case study will explain how one of our clients suffered a large amount of financial loss due to an AI cyber-attack. Additionally, how cyber insurance was the best support and cover during the challenging time.
The client is an E-commerce business that sells health products online (website). They sell and deliver products worldwide and provide their products to different distributors. It is a successful business strategy to sell online and have an on-site presence. This strategy creates bigger brand awareness and increases sales.
Although, working online automatically makes a business possible cyber-attack victims. As attackers know, the business stores their data online and accessible by most employees. Therefore, companies will have to deal with a cyber-attack at some point with the development of hacker knowledge and skills. In fact, 43% of cyber-attacks target SMEs and 64% of companies worldwide have experienced some sort of cyber-attacks. Unfortunately, how prepared a business may believe they are, they could still be a cyber-attack victim- especially with the rise of AI cyber-attacks.
Client Problem- The Steps to the AI Cyber-Attack
The E-commerce business felt they had enough cyber security and employees were trained enough. As a result, the company believed they were safe until- they were not. The business was a victim of multiple attacks that led to the big AI cyber-attack that could have destroyed the brand.
The First Quite AI Cyber-Attack
It all began with employees receiving a very well discussed AI phishing mail from their manager. The attacker created the emails very well and had a similar style as their manager. A few employees clicked the email, and many noticed it was a phishing email. Although, at this point, no actions were taken, and there was no sign of an attack.
Only if they knew- the emails being opened and clicked on- had sent an AI virus into the employees’ devices. AI cyber-attacks are much more dangerous than any other cyber-attack- as the AI virus learns all about the actions taken and the data used. The AI virus moved to the business server and sent information to the hacker without anyone knowing.
The Main AI Cyber-Attack
The main AI cyber-attack began when the AI virus had gathered enough information to attack. It all started with a call to the head financial managers. The call was from a supplier asking for HKD 200,000 to gather ingredients and produce a new batch of products. Additionally, the attacker also sent an email showing the invoice. The manager looked at the very convincing invoice and sent the funds to the account number noted in the email and as instructed on the call.
The next day, the business found out they were victims of a deepfake AI cyber-attack. The manager said that she had spoken to this supplier before, and it sounded exactly like him. Even the email sent used the same format and invoice form as previous emails from the supplier.
The company was shocked and lost HKD 200,000 to an unknown hacker. The business also feared how much the attacker knew about their business and how could this have happened.
How Cyber Insurance was the Solution?
A cyber-attack is unpredictable and almost unavoidable in the growing technology generations. Although with the right tools and precautions, the negative impact of a cyber-attack can be reduced. One of the business’s best tools was cyber insurance, which they had purchased when they began their business online. The insurance allowed them to immediately contact their insurance company and inform them about the AI cyber-attack.
It is a vital insurance to deal with cyber risk and attacks in the 21st century. The insurance provides the business with the first-party response on loss and a third party response to cover liabilities occurring with the cyber-attack. Additionally, the coverage reimburses companies for expenses related to a data breach, legal costs or any financial loss.
Cyber Insurance Reimbursed The Following Costs:
- Transferred costs: HKD 200,000
- Incident Response Expenses (cyber police first-person response) :HKD 80,000
- Cyber security testing (checking for the existing virus): HKD50,000
- Cyber security Consultation fees: HKD 30,000
Total Costs: HKD 360,000
Cyber Insurance is a policy that should be one of the first insurance to purchase when starting a business. It is a crucial insurance to deal with cyber risk and attacks. Insurance companies have created cyber insurance to protect your business against material and immaterial cyber risks.
No matter how small or big your business is, you should purchase cyber insurance to protect your business from AI cyber-attacks. AI cyber-attacks will rise this year, and in the coming years, it is better to have cyber insurance as a safety net in this internet world.