Guidance for Our Clients Regarding the SolarWinds Cyber Incident

Earlier this week, the FBI, the Cybersecurity and Infrastructure Security Agency, and the Office of the Director of National Intelligence jointly announced an ongoing cybersecurity incident involving government networks as well as numerous public and private organizations around the world. The attackers gained access through the SolarWinds Orion IT software platform, a platform used by many organizations to monitor and manage the performance of their computer networks. The incident has been reported by numerous media outlets, and SolarWinds has published its own security advisory and FAQ.

As Marsh clients that employ the SolarWinds Software Platform continue to assess the extent of this incident, we suggest you consider these steps to best position your company for any claim made as a result:

  • If your organization has been impacted by the SolarWinds Orion exploitation and you have a cyber insurance policy, you should notify your cyber insurance carrier promptly. Your Marsh representative can assist you with this. Cyber insurance typically covers costs for investigating and responding to cyber incidents, but carriers frequently require prior approval of incident investigation and response vendors – such as legal and forensics services – and their rates before reimbursing the cost. Early notice can avoid later disputes over what services are covered. Cyber insurance policies can also cover claims that are received subsequent to the policy period, if the carrier is put on notice during the policy period of the event that gave rise to the later claim.
  • If your company has been impacted but you do not have a cyber insurance policy, the Marsh Cyber Incident Management team can provide guidance and recommendations regarding resources to assist your full investigation and response. Your Marsh representative can also help determine if other insurance policies may be applicable.
  • If your organization has not been impacted, there is no need to notify your cyber insurance carrier.
  • If you are unsure whether your organization has been impacted or breached and you want help in making a clearer determination, we suggest you complete an Indicators of Compromise (IoC) Assessment immediately in an effort to identify any evidence of unauthorized behavior or access to your organization’s IT enterprise. An IoC or Compromise Assessment can alleviate uncertainty regarding whether an organization’s IT enterprise has been compromised by providing a comprehensive analysis of an organization’s cyber risk exposure. Marsh’s Cyber Risk Advisory practice can provide you with assistance in this area.

Marsh’s Cyber Risk Management team is available to you at any time to provide best-in-class answers, service, and solutions for cyber incident response and management, cyber coverage review or placement, and cyber risk management planning and optimization.