Claims and Cleanup Information for WannaCry Ransomware Cyber-Attack
The ransomware cyber-attack that hit hospitals, government agencies, and tens of thousands of computers on May 12 was unprecedented in how quickly and widely it has spread.
For many organizations, the past week brought an unwanted welcome to the new world of cyber risk. The “greeting” came from WannaCry, ransomware that disrupted the UK’s health services, halted a French carmaker’s production, interfered with a US logistics company’s network, and shut down corporate offices in Asia, all in a matter of hours. The attackers sought an almost laughably small ransom from victims — as little as $300 per infected computer — but the ultimate disruption to the global economy will be much greater.
One clear lesson as we look to prevent the next cyber pandemic is that technological infrastructure may be more fragile than previously thought. That means firms must focus on the growing risk of cyber business interruption.
If your organization has been impacted directly or indirectly through a customer or supplier, you should act quickly to contain the outbreak and collect information you may need to file a claim.
In the critical period after a cyber breach, businesses should:
- Stop the damage. If you have not been able to contain the outbreak — or you are not sure whether you have contained it — you may need to contact a technology vendor. A cyber insurance policy may cover this expense, but it might require prior approval.
- Manage the initial response. Communicate the issue within your organization to stem the spread of the attack and assist in tracking your cyber response team’s claim-related activity.
- Document the timeline of events. Tracking what occurred from the time of the breach through full recovery will assist in estimating the “period of recovery” for the loss.
- Establish a protocol for identifying and properly categorizing claim-related costs. This will facilitate potential recovery against relevant insurance policies.
- Provide analysis. Catalog all business interruption, extra expense, or other financial impacts, even those not easily captured.
Ransomware and other evolving threats will increase in frequency and sophistication, Firms need a comprehensive cyber risk management strategy — including economic risk modeling, optimized cybersecurity and cyber insurance programs, and resilient cyber response capabilities, to ensure a quick, effective response and a timely return to normal operations.
Marsh Risk Consulting has teams specializing in cybersecurity, forensic accounting and claims, and reputational risk and crisis management.