Skip to main content

Stability and reassurance during cyber disruption

Full support during ransomware crisis

Case study: Calm, coordinated response in a high‑pressure cyber extortion event

 

Industry: Construction & Infrastructure (New Zealand)

Challenge: Social engineering attack, malware deployment and data exfiltration

  • Cyber

    The Incident

    A social engineering attack enabled a threat actor to access the insured’s environment and deploy malware across multiple systems. While the insured’s IT believed the threat to be contained, further investigation by QBE’s specialist partners uncovered additional trojan malware.

    The attacker claimed access to up to 1.5 terabytes of sensitive personal and commercial data and issued escalating ransom demands to over USD 15 million, creating significant regulatory, contractual and reputational risk for the business.

  • Affiliated Agencies

    The QBE difference

    • QBE partnered with specialist incident response experts to deliver a calm, structured and coordinated response.
    • Clear, frequent communication supported Board‑level decision‑making as the situation evolved.
    • Indemnity was confirmed early, and response costs were reimbursed at a critical stage, providing reassurance and confidence when it mattered most.

    “What mattered most was knowing where things stood at every stage. The clarity and coordination gave us confidence it was being actively managed.” - Broker quote

  • Success

    The Outcome

    • Incident resolved without payment of a ransom, a significant achievement given the scale of the initial demands
    • Business operations continued throughout the event
    • QBE reimbursed ~ NZD 500k for response costs 
    • Legal intervention reduced reputational exposure and limited further risk.

Cover is subject to the applicable policy. These case studies are provided for illustrative purposes only, based on QBE’s claims experience. Some details have been changed for confidentiality. All products and services are provided by QBE Insurance Group Limited or its subsidiaries (“QBE”) or by QBE’s selected third party vendors and may be subject to additional terms and conditions, limitations and disclaimers [available on request].  Information and guidance provided by QBE is not intended to constitute any financial or professional advice tailored to your circumstances and may not have been prepared with detailed knowledge of your systems or the risks to your business, and does not cover all possible situations or actions necessary to respond to a cyber security incident.  QBE does not make any guarantees regarding outcomes, such as reduced claim exposure or that a product or service will meet your unique needs. You are responsible for using your independent judgment to assess the advice provided and the suitability of any product and this does not replace the advice of legal counsel or cyber security professionals in preparing for, or responding to, a cyber security incident. QBE is not liable or responsible for services provided by its third party vendors. QBE and the chain links logo are registered trade marks of QBE Insurance Group Limited and third party marks are duly licensed. © 2026 QBE Insurance Group Limited.