![[LOGO] Corvus Insurance by Travelers](https://info.corvusinsurance.com/hubfs/Corvus%20by%20Travelers%20Logos/CORVUS-Travelers-SML-POS-RGB.svg "[LOGO] Corvus Insurance by Travelers")
RISK PREVENTION CASE STUDY
Manufacturing Firm Avoids Potential $250K Claim
A manufacturing firm avoided a major claim after a threat actor compromised its VPN accounts. The firm strengthened its cybersecurity by implementing Corvus-recommended controls, resulting in more favorable renewal terms.
![[PHOTO] Manufacturing Industry Endorsement from Corvus Insurance](https://info.corvusinsurance.com/hs-fs/hubfs/mfc_hero.webp?width=482&height=299&name=mfc_hero.webp)
Key Takeaways
![[ICON] Company Information](https://info.corvusinsurance.com/hubfs/manufacturing_icon.svg){kind=icon}
Company Information
Manufacturing firm
![[ICON] Incident Type](https://info.corvusinsurance.com/hubfs/icon-cyber-inccidents.svg){kind=icon}
Incident Type
Security breach via weak payroll account password
![[ICON] Response Time](https://info.corvusinsurance.com/hubfs/personalized%20rapid%20response%20icon.svg)
Response Time
Within 30 minutes
![[ICON] Actions Taken](https://info.corvusinsurance.com/hubfs/risk%20prevention%20icon.svg)
Actions Taken
Rapid alert of breach & implementation of MFA
![[ICON] Results](https://info.corvusinsurance.com/hubfs/compromised%20assets%20icon.svg)
Results
Avoided potential $250,000+ ransomware claim
![[ICON] Policy Benefits](https://info.corvusinsurance.com/hubfs/underwriting%20icon.svg)
Policy Benefits
Reduced premium and removal of sublimit
Case Study Overview
A manufacturing firm successfully avoided a major claim and later participated in strategic discussions with Corvus cyber experts. By implementing recommended security controls the firm significantly enhanced its cybersecurity posture, which was viewed favorably by the underwriter working on the renewal account and resulted in improved insurance terms..
The Challenge
Corvus received an urgent notification from a trusted threat intel vendor. A threat actor had compromised the firm’s VPN accounts and was selling access on the dark web. Understanding the potential consequences, the team swiftly moved to alert the insured and mitigate a full-blown incident.
Corvus' Response
Within minutes of receiving the alert, a Corvus cyber expert was on the phone attempting to reach both the policyholder and their broker. Once connected, the expert guided the policyholder through immediate actions, including quickly revoking access for the compromised VPN account and taking the VPN offline for investigation.
During the investigation, it was revealed that the threat actor had accessed the system by exploiting a weak password on a payroll account, successfully breaking in after attempting multiple password combinations. The Corvus team worked hand-in-hand with the company to help strengthen their defenses, including the activation of Multi-Factor Authentication (MFA) across all VPN accounts. This swift response effectively blocked any further attempts by the attacker, and a thorough review of the network confirmed there were no additional signs of intrusion.
Results & Policy Benefits
In these scenarios, speed is crucial; once access is sold, ransomware groups often target victims within days. Thanks to the proactive measures taken by the Corvus Risk Advisory team, the company avoided a potential ransomware claim which could have exceeded $250,000.
Additional results:
Reduced Premium: The measures implemented led to a significantly improved Corvus Score and favorable responses on the insurance application during renewal.
Removal of Sublimit: The company not only received a reduction in premium but also successfully eliminated the ransomware sublimit, enhancing their coverage.
This case illustrates the importance of swift action and expert guidance in mitigating cybersecurity threats, ultimately leading to substantial financial benefits for the insured.