Ransomware event shuts down business systems
A business's internal systems are encrypted by a ransomware actor who gains access through a phishing email opened by an employee. The business is unable to access its accounting software, scheduling system, and customer database for several days while the incident is investigated and systems are restored. Cyber liability can respond to several costs, subject to the policy's terms and exclusions. Those are the forensic investigation to determine the scope of the intrusion, the cost of data restoration, and business income lost during the period of system outage. If the attack involved the exfiltration of customer or employee data, notification obligations and credit monitoring costs may also be covered under the same policy. The scenario illustrates why response costs — not just data theft — are a primary driver of cyber losses. It shows why system-outage coverage is a meaningful component of a well-structured cyber form.