Skip to main content

Solution

Cyber Risk Ransomware Readiness Workshop

Marsh’s Cyber Advisory’s Ransomware Readiness Workshop is designed to help your organisation understand from an insurance perspective.

Identify

Identify and validate cyber incident response procedures. 

Uplift

Uplift response procedures with a best-for-you plan

Recover

Recover and restore to “business-as-usual” operations quicker

Ransomware attacks are escalating, with more frequent and sophisticated attacks being seen globally in the past year.

Whilst prevention is key, it is equally important that organisations are ready to respond in the event a ransomware attack is succeeds.

Key objectives

  • Our Ransomware Readiness Workshop is designed to help your organisation understand from an insurance perspective:
  • The evolving ransomware landscape and claims trends unique to your industry that we see here at Marsh.
  • The roles and responsibilities of external and internal participants, and how that aligns with the insurance process.
  • The lifecycle of a ransomware claim and common pain points to avoid in order to maximise recovery under your policy.
  • Your decision making framework, including whether to engage or not engage with the threat actor group and pay or not pay the ransom demand.
  • Any procedural deficiencies in your pre, during and post ransomware response plan.
  • Our insight to help your organisation avoid response paralysis and recover quickly from a ransomware attack.

Who should attend

We recommend up to ten people attend the workshop. Ideally, it will involve all the key decision makers within your organisation in the event of a ransomware incident. We have often been advised by our clients that the following attendees have benefited greatly from the workshop:

  • Insurance/ risk manager
  • Legal counsel
  • Chief information security officer
  • IT and management personnel
  • Member(s) of your board

Ransomware as a case study

Have you always wondered:

  • How does your policy responds to a ransomware claim?
  • Who makes the decision to pay or not pay the ransom demand?
  • What assistance is available to negotiate with the threat actor demanding a ransom to be paid?
  • What is the due diligence process before making payment of a ransom demand?
  • What technical assistance is available in any recovery process?

Utilising ransomware as a case study

Marsh will take you through a ransomware flowchart, summarising key client considerations throughout a potential incident and steps to resolution – ensuring you feel confident with how your organisation and insurance policy would respond should an incident arise.

FAQs

A cyber incident response plan is a set of instructions that helps an organisation to identify, respond to and recover from cybersecurity incidents.

The 5 step approach to creating an incident response plan:
  1. Document the common types of security incidents that can occur in the organisation.
  2. Prioritise security incidents based on the severity. Incidents that impact organisational data and operational availability should be addressed as priority.
  3. Create an incident response flowchart with the steps to follow. Use a RACI matrix to list the personnel who will be involved at different stages of the incident response.
  4. Conduct mock up (simulation) exercises to train staff in the incident response plan.
  5. Update the incident response based on findings from the mock-up (simulation) exercises.

A cybersecurity incident response plan includes the security measures that an organisation should follow to respond to a cyberattack as it happens. The plan is broken up into 3 segments

  • Pre-incident: the plan documents the tools, resources and  personnel required to react to the incident
  • Incident response: the main segment that lists the step by step approach to be taken in response to an incident and restore the organisation back to regular business operations.
  • Post-incident: This segment documents the requirements for incident forensics and investigation to identify the failures that resulted in the incident occurring and the lessons learnt during the incident response stage.

Why Marsh

As experts in enterprise and cyber risk, we help you take an enterprise wide, scalable approach in building your cyber resilience.

Together, we identify your risks, and develop a best-for-you program and team of partners to help manage it.

Informing your approach and decision-making process with our 25 years of cyber expertise and data-driven insight. So that your path to cyber resilience is more productive and predictive; and your outcomes are more efficient and effective.

Article

Cyber resilience: 12 key controls to strengthen your security

Take practical steps to build your cyber resiliency with Marsh’s series on the 12 recommended cybersecurity controls, including their characteristics and requirements.

Our people

Placeholder Image

Gill Collins

Head of Cyber Incident Management and Cyber Advisory, Marsh Pacific

This publication is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. LCPA 23/167

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) (“Marsh”) arrange this insurance and is not the insurer. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). JGS is part of the Marsh group of companies. Any advice in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226827) which is a related entity of Marsh. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions. This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements available from JLT Risk Solutions on request. Full information can be found in the JLT Risk Solutions Financial Services Guide.”