The Christie’s Auction House Hack & You: Cyber Security Insights

The ongoing hack of Christie’s auction house immediately ahead of a planned $840M art sale is an abject lesson in the realities of risk in today’s internet-connected and dependent business world.

ArtNews has a nice overview of the situation. In short, Christie’s main site has been down for five days and there is currently no indication from the company of when it may return. The company has pulled together a work-around, but it’s clear that the hack has caused the venerable auction house to scramble and the implications for those selling and planning to buy art in the auction are unclear.

So what happened? How’d they hack the site?

That’s not clear yet, either. Christie’s has not released detailed information on the breach. What is clear is that Fine Art is a consistent target for cyber attacks and broad cyber liability coverage is vital in these instances. Why? Because fashioned properly, it’s a solid safety net and backstop to protect your business, and recover and rebuild from an attack. A good cyber liability coverage program will hit all the key exposures of such an attack:

• Business interruption, sometimes known as business income loss
• Breach response
• Reputational harm and
• Third party liability coverage.

Insurance, however, is the thing you absolutely need to have, and absolutely don’t want to need to have. Your first line of defense is always good risk management. Again, Christie’s isn’t saying how this breach happened, so we can only advise at this point that those in the Fine Art industry take this incident as a reminder to ensure they have their bases of good cyber risk management covered. These include:

• Have multi-factor authentication enabled on all systems
• Have an up-to-date and vetted business continuity plan
• Consistent cyber security training for employees
• Conduct regular vendor cyber security reviews

Cyber security is an ever-evolving landscape. As more is known about this particular breach, we will update our communications. In the meantime, if your business is affected or you have any questions about your cyber liability coverage, please connect directly with our Cyber Liability team at cyber@riskstrategies.com

Want to learn more?

Find Allen Blount on LinkedIn.

About the author

Allen Blount leads the Cyber Team at Risk Strategies, where he guides organizations on cyber liability insurance, cyber risk management, and analyzing incidents like the Change Healthcare cyber attack. Before his insurance career, he practiced law.