Industry: Professional services (Accounting)
Incident background
A small accounting firm hired a new Chief Financial Officer into the company. On the CFO’s first day, like anyone in a new job, they updated their LinkedIn profile to announce their move.
Using public information from the CFO’s LinkedIn, a threat actor impersonating a member of the company IT team called the CFO to introduce themselves and guide them through the final phases of IT onboarding. During this conversation, the CFO unwittingly provided their login credentials to the company MYOB account, which the threat actor then compromised.
As a result of the MYOB compromise, the threat actor was able to divert client supplier payment runs which resulted in the fraudulent transfer of over $75,000.
Outcome and solution:
Following first discovery, the Insured notified via the 24/7 cyber insurance hotline. Forensic investigators were appointed to investigate and quickly contain the incident, successfully preventing further fraudulent transfers. Broader support to the Insured included legal assessment and client notification communications support.
Claims costs:Including the amount of the fraudulent transfer, the total costs of responding to this incident exceeded $100,000. Insurance supported the Insured in managing the financial impact of the incident. By notifying quickly, the investigation team prevented a further $185,000 being misdirected. |
Industry: Engineering and manufacturing
Incident background
An engineering and manufacturing company specialising in fabrication suffered a cyber attack that brought production to an abrupt halt. A threat actor gained access to the company’s network and deployed encryption malware, locking critical systems that operated fabrication machinery and proprietary client product plans.
With systems offline, the business was unable to manufacture or fulfil client orders. Engineers shifted quickly to recreating designs manually while operations remained stalled. During the disruption, employee data was also exfiltrated from the network. The prolonged outage ultimately cost the business a major tender after they were unable to demonstrate operational capability.
Outcome and solution:
The incident was promptly reported via the 24/7 cyber insurance hotline, triggering immediate forensic support. Specialists contained the attack, assessed data exposure, and helped restore systems and critical files. Legal support was also provided to manage employee data impacts, allowing the business to stabilise operations and return to production within 7 days.
Claims costs:The incident resulted in total claim costs of $202,000, driven by legal fees, system restoration, forensic investigation, data review, communications support, threat intelligence and monitoring along with threat actor negotiation. Business interruption in connection with the incident was minimised by overtime performed by staff and due to the fast return to production. |
Industry: Education and training
Incident background
A school experienced a cyber incident after a staff member unknowingly interacted with a phishing email. The email triggered the download of malicious software onto the staff member’s device, enabling credential harvesting and remote access by a threat actor. The incident came to light when unusual activity was observed on the device, including remote control of the mouse, prompting immediate concern about unauthorised access to the school’s systems and sensitive information.
Outcome and solution:
The school notified their broker, who reported via the 24/7 cyber insurance hotline, triggering immediate forensic support. Forensic investigators were appointed to contain the threat and assess the extent of access across the network. Privacy specialists provided clear guidance on regulatory and notification obligations.
The forensic investigation confirmed there had been no unauthorised access to sensitive data. As a result, Atmos was able to advise that regulatory notification was not required and outline the appropriate communication approach for affected individuals, giving the school certainty and confidence as operations returned to normal.
Claims costs:The incident resulted in total claim cost of $23,000, driven by legal fees and forensic investigation. The certainty provided by the investigation team helped avoid unnecessary costs as the team identified that sensitive information had not been accessed. |
Industry: Professional services (Law)
Incident background
An Australian professional services firm operating in the legal industry experienced a cyber incident after an employee unknowingly interacted with a phishing email. The compromise resulted in unauthorised access to the employee’s mailbox and triggered a large scale outbound phishing campaign to the firm’s client contact list.
Outcome and solution:
Given the nature of business email compromise incidents, there was a real risk that the threat actor had synchronised the mailbox, potentially granting ongoing access to all emails, attachments, and contact data. Specialist forensic investigators were rapidly engaged to contain the incident and determine the scope of the compromise. Their investigation confirmed that unauthorised access was confined to a limited number of mailbox items and had not extended across the entire account.
Forensic investigators were engaged early to guide the Insured through its legal and regulatory obligations, providing clarity at a critical moment. While no funds diversion occurred, the incident highlighted the often hidden costs of phishing attacks, including forensic investigation, data mapping and compliance analysis required to confidently assess notification requirements. With expert support in place, Atmos was able to respond decisively, reassure stakeholders and close out the incident with confidence.
Claims costs:The incident resulted in total claim cost of $26,500, driven by legal fees, the forensic investigation and communications support to manage inbound queries received from clients because of the phishing campaign. |
These claims are a reminder that cyber risk isn’t one-size-fits-all, and neither is the response.
Having the right policy in place is only part of the equation. Access to experienced incident response teams, clear coverage and proactive broker advice all play a critical role in helping clients navigate an event.
If you’re supporting clients across different industries and risk profiles, understanding how policies respond in practice can make all the difference.
Explore how our Cyber cover can support your clients.
|
|
Copyright © 2026 DUAL Australia Pty Ltd (ABN 16 107 553 257, AFSL 280193). All rights reserved.
The information contained in this blog is intended for licensed insurance brokers and other authorised intermediaries only. DUAL issues insurances on behalf of Certain Underwriters at Lloyd’s of London and/or Allianz Australia Insurance Limited, acting as their agent. The information is of a general nature and does not take into account the objectives, financial situation or needs of any person. It is intended for the use of professional intermediaries who are expected to consider whether it is appropriate for their clients. Before recommending or offering any insurance product, intermediaries should read the policy wording, relevant Product Disclosure Statement (PDS) and Target Market Determination (TMD) and assess whether the product is suitable for their client’s circumstances. These are available on request or via our website at DUAL Australia.