Cyber Risks
The main value we offer our clients from the RTS Cyber Risk specialty is to have a specialised technical consultancy that allows us to successfully attend to the most technically complex requests, moreover at a time when the number of cyberattacks are proliferating.
Incident types
- Ransomware attacks which, through encryption, compromise information and the activity.
- “CEO fraud” types of deception, entailing a financial loss.
- Denial of Service (DoS) attacks that interrupt services.
- Errors or omissions in the design of information systems or provision of services or installation of elements
- Interrupted service provision in the context of Information & Communication Technologies (ICT).
Our protocol’s 7 keys
- Technical understanding of the affected services and infrastructure, including preventive security measures of a technical and organizational nature.
- Technical understanding of the loss, through forensic engineering reports issued by first-response centres and/or systems departments.
- Appraisal of adopted measures for containment and future risk mitigation, based on efficacy, proportionality, and whether they may represent improvements.
- Appraisal of a claim and the damage suffered based on its accreditation, proportionality and relation to the incident.
- Analysis of cover under the policy. Our specialists are experts in these types of policies.
- Loss adjustment under the policy. It is extremely important to distinguish containment costs and direct losses from others.
- Analysis of possible grounds for exclusion. Preventive measures may be insufficient or based on obsolete systems.
Some of the losses we have intervened in:
- Auxiliary automotive industry, misled by “CEO fraud” into paying outstanding invoices, in the belief there had been a change in banks.
- Engineering firm that suffered a ransomware attack affecting more than one hundred servers and with suspected persistence of the attacker.
- Hospital whose activity was interrupted after an attack affected diagnostic equipment.
- Textile industry with loss of turnover caused by identity fraud / impersonation on social media invalidating their marketing.
- Hoster of storage space affected by a ransomware attack and obliged to respond to numerous claims from customers whose services had been compromised.
- Bank affected by the exploitation of a vulnerability in their online banking.
- Travel agency affected by an error in the configuration of their online payment systems.
- Telecommunications operator that suffered a system crash as a consequence of errors in maintenance works.
- Law firm whose activity was interrupted after suffering a Denial of Service (DoS) attack.
- Agrifood industry required to stop its activity because the cyberattack affected its production systems.
- Energy operator that was a victim of “CEO fraud” and made a payment in the belief it formed part of an investment transaction.
- Importer of domestic articles whose viability was put at risk with the loss of previous campaign data histories.
- Tax advisors who were unable to present tax declarations on time.
- Consulting firm that received a claim for failing to deliver on time software developments with the expected functionalities.
Alberto Suárez