Ransomware: How to Create a Comprehensive Incident Response Plan

Ransomware attacks are escalating, with more frequent and sophisticated attacks being seen globally in the past year. In the face of a devastating ransomware attack, many companies experience a “paralysis” that significantly lessens the effectiveness of their response. They are often caught off guard — and these hesitations and slow decisions can have significant financial and operational impacts. It is crucial to create a comprehensive incident response plan as the first step to prepare for any ransomware incidents that may take place.

Over the years, Marsh has helped countless organisations craft ransomware incident response plans and tailor cyber coverage to help them prepare for the unexpected. In this guide, we share our insights to help your organisation avoid response paralysis and recover quickly from an attack.


The value of preparing in advance for the possibility of a ransomware attack cannot be overstated. Here, we explore numerous considerations, from identifying your options to developing internal policies and guidance to understanding regulatory implications and potential sanctions.

During the Incident

This is where your planning will pay off. We provide insight into key areas during the incident, such as minimising your exposure and working with your carrier, along with the all-important question of whether to —and how to—pay the ransom.


The work doesn’t end after a ransomware attack is resolved. We provide specific guidance around recovery, including identifying additional weaknesses to strengthening your plan for the future.

Download Now

To learn more about removing response paralysis, fill out the form to download the Ransomware Incident Response guide.

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) (“Marsh”) arrange this insurance and is not the insurer. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). JGS is part of the Marsh group of companies. Any advice in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226827) which is a related entity of Marsh. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions. This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements available from JLT Risk Solutions on request. Full information can be found in the JLT Risk Solutions Financial Services Guide.”