Skip to main content
Marsh logo

Article

Ransomware: How to Create a Comprehensive Incident Response Plan

It is crucial to create a comprehensive incident response plan as the first step to prepare for any ransomware incidents that may take place.

Medium shot of two women working in a data center with rows of server racks and checking the equipment and discussing their work
Person's name and title

By Kelly Butler

Cyber Practice Leader, Marsh Specialty

08/24/2022 · 2-minute read

Ransomware attacks are escalating, with more frequent and sophisticated attacks being seen globally in the past year. In the face of a devastating ransomware attack, many companies experience a “paralysis” that significantly lessens the effectiveness of their response. They are often caught off guard — and these hesitations and slow decisions can have significant financial and operational impacts. It is crucial to create a comprehensive incident response plan as the first step to prepare for any ransomware incidents that may take place.

Over the years, Marsh has helped countless organisations craft ransomware incident response plans and tailor cyber coverage to help them prepare for the unexpected. In this guide, we share our insights to help your organisation avoid response paralysis and recover quickly from an attack.

Pre-Incident

The value of preparing in advance for the possibility of a ransomware attack cannot be overstated. Here, we explore numerous considerations, from identifying your options to developing internal policies and guidance to understanding regulatory implications and potential sanctions.

During the Incident

This is where your planning will pay off. We provide insight into key areas during the incident, such as minimising your exposure and working with your carrier, along with the all-important question of whether to —and how to—pay the ransom.

Post-Incident

The work doesn’t end after a ransomware attack is resolved. We provide specific guidance around recovery, including identifying additional weaknesses to strengthening your plan for the future.

Contact Us

For more information about Cyber Risk and how Marsh can support your business, please contact your Marsh representative.

Remove Response Paralysis with a Comprehensive Incident Response Plan

Download now

Related insights

Aerial view of crowd connected by lines

Article

Solving the cyber risk financial dilemma

04/18/2024
In Technology Research Facility: Female Project Manager Talks With Chief Engineer, they Consult Tablet Computer. Team of Industrial Engineers, Developers Work on Engine Design Using Computers

Article

2023-2030 Australian Cyber Security Strategy

11/27/2023
Placeholder Image

Article

Silent cyber: how to ensure your organisation is protected

08/09/2023
Placeholder Image

Webcast

Generative AI risks and insurance considerations

07/26/2023
View more

Marsh Pty Ltd (ABN 86 004 651 512 AFS Licence No. 238983) arrange this insurance and are not the insurer. The information contained in this publication provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Insureds should consult their insurance and legal advisors regarding specific coverage issues. All insurance coverage is subject to the terms, conditions, and exclusions of the applicable individual policies. Marsh cannot provide any assurance that insurance can be obtained for any particular client or for any particular risk. If this communication contains personal information we expect you to treat that information in accordance with the Australian Privacy Act 1988 (Cth) or equivalent. You must advise us if you cannot comply. © Copyright 2022 Marsh Pty Ltd. All rights reserved. LCPA: 21/134

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) (“Marsh”) arrange this insurance and is not the insurer. The Discretionary Trust Arrangement is issued by the Trustee, JLT Group Services Pty Ltd (ABN 26 004 485 214, AFSL 417964) (“JGS”). JGS is part of the Marsh group of companies. Any advice in relation to the Discretionary Trust Arrangement is provided by JLT Risk Solutions Pty Ltd (ABN 69 009 098 864, AFSL 226827) which is a related entity of Marsh. The cover provided by the Discretionary Trust Arrangement is subject to the Trustee’s discretion and/or the relevant policy terms, conditions and exclusions. This website contains general information, does not take into account your individual objectives, financial situation or needs and may not suit your personal circumstances. For full details of the terms, conditions and limitations of the covers and before making any decision about whether to acquire a product, refer to the specific policy wordings and/or Product Disclosure Statements available from JLT Risk Solutions on request. Full information can be found in the JLT Risk Solutions Financial Services Guide.”