Claims Example: Cyber Liability Insurance

What became of the claim?

Cyber Liability Insurance

Event

Just before the year-end holidays, a boutique travel agency was hit by a ransomware attack while senior executives were overseas. The attacker gained access by exploiting flaws in the authentication mechanisms in place at the time. The attacker claimed to have stolen more than 10 GB of sensitive customer data, including passport details and travel arrangements, and threatened to release it unless a ransom was paid.

Impact

The exposure of personal data created immediate legal and regulatory risks. Delays in notifying the affected individuals raised concerns around compliance with privacy laws. Operationally, it disrupted the business during a peak period and triggered internal discussions over whether to negotiate with or pay the attacker.

Response

Delta engaged forensic specialists to investigate the breach, verify the threat's legitimacy, and provide guidance on containment and recovery. Legal counsel supported the business in preparing a formal notification to the Privacy Commissioner. Customer support and monitoring were established to address the concerns of affected parties. Communications experts prepared messages for customers and media aligned with regulatory expectations. Although the company initially considered paying the ransom, specialist advice indicated that payment would not guarantee the deletion or return of the affected data.

Outcome

A forensic investigation was undertaken to confirm the breach and assess its scope, informing remediation actions. Affected customers and relevant regulators were notified in line with legal requirements. The Privacy Commissioner subsequently reviewed the information provided and closed its enquiries. The claim was resolved within five months, and no ransom was paid.

Lessons Learned

This incident highlighted that cyber insurance is only one part of the puzzle: it generally benefits the response to an event but does not mitigate the operational cyber risk.

- Delays in detection and reporting can materially increase the impact of an incident and introduce additional regulatory and legal exposure.

- Engagement with threat actors, including consideration of ransom payment, carries inherent uncertainty and risk, with no assurance of data recovery or deletion.

- The incident also reinforced the importance of robust preventative and response controls.

- Key areas for improvement include strengthening authentication controls, reducing reliance on unsupported or end-of-life systems, improving internal breach response capability, and ensuring that specialist advice is sought before any engagement with threat actors.

- Ongoing risk management should incorporate regular cyber hygiene reviews, user awareness training, phishing simulations, and proactive vulnerability assessments. The incident identified gaps in cybersecurity governance that have since informed remediation and future risk management planning.

What Cover Responded?

The claim was managed under Delta’s cyber liability insurance policy. The policy provided access to forensic experts, legal and regulatory support, breach response coordination, and public relations services. These resources were critical in handling the incident successfully.

 

This case study has been modified to de-identify any real-life individuals, events, or organisations (February 2026).
