Risk Bulletin – Summer 2022
Law Firm CISO Forum #6 – Managing Claims 
As part of Aon’s ongoing EMEA Cyber Webinar Series, we focused our 6th Forum on managing a cyber insurance claim as effectively and efficiently as possible in the event of an incident. We felt that law firms’ experiences have been far from straightforward when it comes to processing and settling cyber claims, and that this warrants a further ‘deep dive’ into these challenges. We discussed real-life experiences and lessons learned as Tom Ricketts and Jared Pallett took us through a case study of a law firm that had suffered a ransomware attack and tried to do all the right things, but whose missteps affected its ability to recover losses under insurance, including:

Assumed it to be a tech problem

Engaged existing MSSP to investigate and remediate

Did not engage law enforcement or preserve forensic evidence

Agreed to threat actor demands without enough due diligence

Only notified insurers once they believed the incident was over

Special thanks to Jared, whose ‘day-to-day’ is incident response investigation and recovery, for sharing some of his war stories and giving the Forum members some ideas for updating Incident Response plans.


Another key takeaway from the Forum is that Threat Intelligence, both proactive and reactive, is more important than ever. We also discussed the recent Lloyd’s Market Guidance on Ransomware, which requires that both Threat Intelligence and Blockchain/Cryptowallet Analysis be done in all incidents involving ransomware.


Cyber Forensics: Effective use of Incident Response Experts

For more detail on the key questions that need to be answered in the post-breach investigation, you may find our guidance in the 2022 Global Data Review Handbook particularly helpful.


If you would like to join our Law Firm CISO Forum, please get in touch.