As we previously noted, a recent ransomware attack crippled over 75,000 computers in over a 100 countries. The "WannaCry" appears to be the largest Ransomware attack to date. However, cyber-experts are already warning of a second, bigger, wave.
Organizations are scrambling to respond to the increasingly ominous threat. However, in our experience, one aspect is frequently overlooked in incident response plans: insurance. Any cyber contingency exercise should factor in the role of insurance. There are three reasons.
First, many policies carry a reporting requirement. Insureds must report the incident, even if coverage is not available. Failure to do so runs the risk of forfeiting future related coverage e.g. in a subsequent Directors & Officers Liability claim arising out of the same incident. For certain "claims made" policies, failure to report a previous incident can void coverage in later policies.
Second, insurers are increasingly offering free or steeply discounted cyber assistance: the digital counterpart to the "preventative medicine" model. Even if an organization has not experienced an incident, it should utilize these resource. A insurer's practiced eye can identify easily rectified issues - an exercise that could avert a potential catastrophe down the road. Since the personnel detailed to this task specialize in constantly evolving...