Back to Aon Insights

How Cyber Insurance Saved This Small Business

The following story is based on a real-life insurance claim experienced by a professional services client with Cyber Insurance arranged by Aon. All names have been anonymised for privacy reasons.

An 8-person professional services firm in New Zealand, focused on providing excellent service to its clients, suddenly found itself facing a business email compromise event targeting their administration/accounts manager. 

The threat actor gained unauthorised access to the business’s mailbox, leading to a significant breach. 

The breach was discovered when approximately 400 clients of the firm received emails with "overdue statements" featuring altered bank information. A vigilant client, using an alternative communication method, contacted the firm to verify the bank change. This alert prompted the firm to recognise the breach, and they immediately notified their cyber insurance provider, who immediately activated incident response support that included:

•    IT support: To triage, contain, and remove the threat actor’s presence from the compromised mailbox.

•    Client notification: To reach out to all 400 clients to inform them of the manipulated statements and to prevent any payments to the threat actor.

•    IT forensics: To conduct a thorough scan of the breached mailbox to identify that sensitive personal information, including ID documents and financial information, had been accessed and some of it exfiltrated.

•    Legal support: To provide advice regarding the privacy breach and assist in notifying the Office of the Privacy Commissioner and the victims of the breach.

•    ID monitoring and protection: To offer services to the victims to monitor for any publication of their information on the web or dark web.


The financial impact

The total cost of the cyber claim amounted to $73,000. This figure, while significant, was mitigated by the timely intervention and support provided by the insurer. Without cyber insurance, the financial impact could have severely affected the firm’s ability to operate effectively.


The true value of cyber insurance

This case highlights the importance of cyber insurance for small businesses. The insurance coverage and vendor support allowed the firm to manage the breach effectively, minimising potential financial losses and reputational damage. The incident underscores the need for robust cyber security measures and the value of having a responsive insurance partner.

Duncan Morrison, Aon’s Cyber Practice Leader, describes cyber insurance as a lifeline for small businesses.

“As cyber threats continue to evolve, the importance of having robust cyber insurance cannot be overstated. It provides not only financial protection but also peace of mind, knowing that expert support is available when you need it most. At Aon, we're here to help you navigate the complexities of cyber insurance and provide the essential support you need when things go wrong. Don't wait for a breach to happen—let's work together to ensure your business is resilient and prepared for a cyber threat."

Reflect on your own business’s cyber defences—are you prepared for a potential breach?

Talk to Duncan today to help ensure your business is cyber risk resilient.



Related Articles

What is Cyber Insurance and Why Does Your Small Business Need It?
The True Consequences of Underinsurance on Your Business.
Employee Benefits as a Strategic Move for Small Businesses




© 2025 Aon New Zealand
This content is not intended to address your specific situation nor is it intended to provide advice. You should review the information in the context of your own circumstances. While care has been taken in the production of this content, Aon does not warrant, represent or guarantee the accuracy, adequacy, completeness or fitness for any purpose of the content and can accept no liability for any loss incurred by any person who may rely on it. This content has been compiled using information available to us up to its date of publication.


 

© 2024 Aon plc

This website contains general information only and does not take into account your individual needs or financial situation. It is important to note that limits, excesses, terms and conditions and exclusions apply to the products and services outlined on this website. Please refer to the relevant policy documents for details of cover, the provision of which is subject to the insurer’s underwriting criteria that apply at the time. Please contact us if you have any questions.