The Cyber Extortion Plight: Dealing with the Uptick in Ransomware, Spear Phishing, and Social Engineering Events – Which Way to Go When It Happens, the Extent to Which It Is Covered, and Some Practical Guidance on Mitigating the Effects and Potentially Preventing These Types of Attacks?

November 30, 2016 10:25am

What is it about?

  • Should ransom be paid/not paid? What are the consequences of either of these decisions? If it is paid, how does it affect insurance? What should cyber insurance cover? Is it a separate element that has to be purchased within cyber policies? Should it be sublimited?
  • How to deal with the cost of business interruption after a
    ransomware event: How does the cyber policy respond? Does
    it pay as a business interruption loss? As an extra expense? As a
    cyber-extortion loss?
  • What is/should be insurance solution for the theft of electronic
    funds? Cyber? Crime? Other? Where does it fall now? Where are
    the gaps? Does it need to be a new product or an endorsement
    on an existing product?
  • What may be some of the ways to avoid these types of attacks?
    • Backing up data and updating systems
    • The need for companies to have a proactive security posture in terms of monitoring what’s coming into the network; The need for companies to have a strong people-management given that a lot of these attacks involve employee error
    • How often to keep training and how to keep maintaining employee awareness?

Session Materials