In this session, we’ll highlight the trends Beazley has seen globally when it comes to assisting Insureds respond to ransomware incidents. In particular, we’ll cover the most common ways ransomware penetrates an organization’s network and the decisions they face when assessing options including:
- Whether to engage the attackers and attempt to negotiate?
- Consider whether it is faster to pay the attackers to get their data unlocked?
- If an organization has suffered a ransomware attack, does it mean they have also suffered a data breach?
We will also provide steps organizations and their IT departments can take to reduce the chances of a ransomware attack and to be better prepared in the event they experience an incident first hand. This session will include several actual scenarios that underscore these topics with the aim to put attendees in the shoes of an organization responding to a ransomware incident.
Speakers / Moderators
Jessica B. Schappell
SVP Enterprise Risk
Cyber risks are definitely on top of risk managers’ checklists with many companies imposing a work-from-home setup and perhaps raising vulnerability.
With cyber attacks getting more sophisticated and coming in more variety, an increase of 131% on ransomware attacks has been observed since last year. In the event of an attack, businesses may consider if it would be quicker, safer and more practical to pay the ransom instead of countering it. However, giving in to the hacker’s demands doesn’t guarantee that they’ll get their data back as if untouched. On the other hand, an attack also doesn’t 100% mean that a databreach has occurred. As such, it is best for organizations to tap on their network of experts rather than to face a cyber crisis on their own. Better yet, let us learn from earlier incidents and act on reducing the risk through training and additional security measures, preparing response plans and conducting ‘fire drills’ to set the stage before the attack occurs.
Some questions arising from the audience: What guidelines do risk managers need to consider in their assessments, updating their protocols and response plans? What are some common points of dispute between risk managers and insurers when it comes to cyber risk coverage