The Cyber Extortion Plight: Dealing with the Uptick in Ransomware, Spear Phishing, and Social Engineering Events – Which Way to Go When It Happens, the Extent to Which It Is Covered, and Some Practical Guidance on Mitigating the Effects and Potentially Preventing These Types of Attacks?
What is it about?
- Should ransom be paid/not paid? What are the consequences of either of these decisions? If it is paid, how does it affect insurance? What should cyber insurance cover? Is it a separate element that has to be purchased within cyber policies? Should it be sublimited?
- How to deal with the cost of business interruption after a ransomware event: How does the cyber policy respond? Does it pay as a business interruption loss? As an extra expense? As a
- What is/should be the insurance solution for the theft of electronic funds? Cyber? Crime? Other? Where does it fall now? Where are the gaps? Does it need to be a new product or an endorsement on an existing product?
- What may be some of the ways to avoid these types of attacks?
- Backing up data and updating systems
- The need for companies to have a proactive security posture in terms of monitoring what's coming into the network; the need for companies to have strong people management, given that a lot of these attacks involve employee error
- How often to repeat training, and how to maintain employee awareness?