A marketing agency was asked by a small and exclusive hotel chain with a growing portfolio of properties to help launch its latest upmarket destination.
Nice work if you can get it.
The hotel and its luxury spa had been photographed from every possible flattering angle. A range of launch events had been scheduled and a lavish promotional email produced, to be sent to a select group of clients.
So far, so good. The email looked suitably glitzy and had been signed off by the client. Now to wow the public with it.
Which is when things went unexpectedly wrong.
Red alert
The account manager responsible for creating the email had been working endless hours to get the campaign finished on time.
That meant he was feeling a bit sluggish when he opened his emails on Monday morning. Scrolling through, he noticed an alert from the company’s email management platform.
It seemed to be a security alert. The email asked him to reset the password for security reasons. He had a busy day ahead so didn’t have the time for scrutiny. He clicked the button on the email and duly reset the account’s password.
Or at least, he thought he did.
Mere minutes later, another email arrived in his inbox. Again, it was from the email management platform. This time, though, it was warning him about an unauthorised sign-in.
Alarm bells began to ring in his head. He went back and checked the previous email alert. His stomach dropped as he realised he’d fallen for a phishing email.
Phishing emails disguise themselves as authentic communications from companies or people that you know. They’re easy to fall for but there are a few ways you can sniff them out.
Data matters
Oh dear. That’s a mistake that screams ‘data breach!’ Now, the cybercriminals who sent the phishing email have access to marketing agency’s entire database of marketing contacts.
It’s the kind of thing that the Information Commissioner’s Office (ICO) takes a very dim view of.
Just as well, then, that the marketing agency had cyber insurance in place to help limit the damage. Because they had to alert everyone in their email database of the breach. After which, complaint calls started flooding in.
How cyber insurance for marketing agencies helped
- With complaint volumes rising, it provided an experienced team to contact everyone on the list, to let them know about the data breach if they didn’t already, and to help smooth things over. Thankfully, no one decided to sue. Cost: £1,750.
- It paid for a legal expert to inform the ICO of the data breach (a legal obligation), liaise with their officials and provide all the details. It also paid for the costs of the regulatory investigation once the ICO decided to take things further, and it also covered the eventual fine. Cost: £8,500.
- Reputations were taking a battering once the press got hold of the story – both the hotel chain’s and the marketing agency’s – but the PR expertise the insurance paid for helped to contain the crisis. Cost: £3,500 for one month.
Total cost: £13,750.
That’s a pretty serious and costly chain of events from such an innocent mistake.
All’s well that ends well
But just imagine how much worse it could have been if cyber insurance for marketing agencies didn't figure.
Plus, the agency was extremely lucky none of the people on the list claimed against them for breach of confidentiality.
The running total would’ve been a lot more, taking into account legal costs and damages. Not to mention how time-consuming it would have been, trying to keep on top of things.
As it was, the marketing agency weathered the storm and continued on. And the account manager who fell for the phishing email now always double checks before he clicks on any links – especially if he’s been working long hours.
Read more about what is cyber insurance and what it covers. Or, for info on how cyber insurance for marketing agencies can help, call us on 0345 222 5391.
Image used under license from Shutterstock.
claimscyber liability insuranceinsurance explainedmanaging riskmarketing and advertising