As cyber crime becomes increasingly sophisticated, business leadership teams must work together to adopt a comprehensive approach to manage and respond to cyber-related exposures. Effective preparation is vital and typically involves carefully coordinated and integrated activities including safeguarding technology, providing adequate risk transfer through insurance, and managing recovery with sound forensic, investigative and claims handling procedures.

Over the past year, a new wave of cyber attacks have shut down companies’ technology operations while criminals demand immediate ransoms. These attacks can cause substantial downtime, reputational damage, and business interruption losses.

Along with testing and securing your technology infrastructure and diligently evaluating the information security practices of your trading partners and customers, the following five measures can jumpstart your efforts to deal with these serious threats.

  1. Form a multi-disciplinary team to deal with cyber extortion risks.
  2. Review your insurance coverages
  3. Create an incident response plan
  4. Understand your roll in an incident investigation
  5. Coordinate claims management

Multi-disciplinary Team

Even if you already have a team in place to deal with cyber risk issues, you may need to add a few members to specifically address ransomware and cyber extortion crimes. The team should include at least one key executive from finance, information technology, security, legal, human resources, operations, compliance and communications. You should consider including the insurance broker that writes your cyber, fidelity, and property insurance, outside counsel, claims consultants, and external information security or forensic specialists. Your external assets should be ready to respond to a threat with an agreement, contract and/or retainer for immediate delivery and action. This team should continuously examine the company’s potential vulnerabilities to attacks, the technology-related exposures and logistical risks (mobile phone, tablet, and laptop usage; password protection protocols), measures to monitor employee compliance, and restrictions for employee access to company and client data.

Insurance Coverage

Be sure to perform a detailed review of your insurance protection for ransomware and cyber extortion More than one type of policy may be needed to address your risk profile such as crime, surety bonds, cyber and network security, kidnap/ransom/extortion, and commercial property. Selectively communicate to the team regarding your insurance program so that they are aware of the possible risk transfer and financial remedies available in the event an incident or threat occurs.

Work with your insurance broker to determine how your coverage might respond to any ransomware or cyber extortion incident and determine if your limits of coverage are adequate. Ask if your policy includes access to panel experts such as law firms, public relations firms, cyber forensics, and forensic accountants. This review may result in a need for your broker to revisit this topic with your insurer and amend the coverage and/or limits of insurance.

Incident Response Plan

If you receive a cyber extortion threat or suffer a ransomware attack, your company will not have time to craft a response plan. Cyber criminals typically insist that a ransom be paid within hours of the request, often with bitcoin. If payment is not made, the ransom price can go up exponentially so the decision about whether or not to pay must be made before the event.

If the plan is to pay, then consider input from your insurance broker, cyber experts, and law enforcement agencies who may be familiar with criminal actors and their track records of extortion and results. In addition, your insurance broker can prepare you for compliance with any protocols, guidelines or specific conditions required by your insurance policy(ies) when responding to a ransom/extortion demand. Be sure you engage consultants that can provide effective negotiation and access to bitcoin resources.

Your Role in an Incident Investigation

If a criminal investigation occurs, information flows one way toward law enforcement, which typically cannot share and evidence or information they uncover. Your company needs to be prepared for all potential implications including the impact on your employees and day-to-day operations. Your team should know when and how to notify law enforcement as well as which agencies to contact in the event of certain cyber-attack scenarios

Claims Management

Depending on the type of ransomware attack and whether internal employee involvement is suspected, a few different insurance policies could respond. Even though insurance recovery is vital, it will not be top of mind for those team members in the “heat of battle.” As such, advance planning and communication within the team will make the claims management process more manageable and effective.

In any situation, your team must be prepared to triage the incident and prioritize the order in which to contact insurers regarding claim notification. Consider designating a specific team member with the responsibility to partner with your insurance broker and ensure that the proper claim notifications are expedited. In addition to handling the initial notifications, this team member should fully understand what documentation each insurer will require and recognize the corresponding sources to access within your organization including finance/accounting, operations, technology, and marketing/communications.

To learn more about how to respond in the event of a ransomware attack and/or to request a review of your coverage, please contact your Sequoia Risk Advisor, or connect with them directly in HRX.

Disclaimer: This content is intended for informational purposes only and should not be construed as legal, medical or tax advice. It provides general information and is not intended to encompass all compliance and legal obligations that may be applicable. This information and any questions as to your specific circumstances should be reviewed with your respective legal counsel and/or tax advisor as we do not provide legal or tax advice. Please note that this information may be subject to change based on legislative changes. © 2020 Sequoia Benefits & Insurance Services, LLC. All Rights Reserved

Mary Beth Downs – Mary Beth Downs is a Senior Risk Advisor for Sequoia, providing property and casualty consulting services to our clients helping them protect assets, scale in the marketplace, and manage risk. As a Bay Area resident for the past 27 years, she enjoys volunteering in her local community and traveling within the state as much as possible.