Ransomware Readiness, Ransomware Insights, Ransomware Incident Response Planning, Insurance

Posing an imminent and increasing threat to organizations of all sizes and industries, ransomware is a type of malware that prevents access to systems or data until the victim pays a ransom. The results are immediate — and often severe — operational, financial, and reputational impacts.

Ransomware attacks are on a meteoric rise. By the end of 2021, global businesses will be the target of ransomware every 11 seconds — with rising costs, downtime, and remediation efforts.

In a ransomware incident, attackers typically encrypt a victim’s files and network and render them incapable of use. The attacker then provides instructions and requests a fee — the ransom — in cryptocurrency from the victim, dangling a carrot in the form of a decryption key to unlock the encrypted data/network. Whether or not the victim pays, there is no certainty that the files will be returned or access restored. Extensive remediation is typically required regardless of whether a ransom is paid.

Today, data exfiltration, the unauthorized copying or transfer of data, is becoming increasingly common in ransomware attacks as a coercion tactic to incentivize ransom payment. In the second quarter of 2021 alone, more than 80% of ransomware attacks involved the threat of data exfiltration. Hence, organizations are struggling with not only more ransomware attacks, but also the added privacy implications.

A ransomware and/or data exfiltration incident can cause significant damage — and financial loss. While a business cannot anticipate a specific ransomware attack, organizations must prepare for the potential impacts. Businesses must carefully and proactively plan for how they would manage a ransomware attack — before, during, and after — and, as importantly, understand how their cyber coverage would respond to an event.

Leveraging our deep expertise and in-depth experience in the cyber insurance market, our cyber risk and insurance specialists help our clients better prepare for a potential ransomware attack. Our team of specialists can assess your organizational cyber readiness and resilience — designing and delivering a complete response plan and cyber insurance program, unique to your risk profile.

Encompassing cyber risk management and insurance solutions, the full suite of Marsh ransomware offerings includes:

Cyber insurance: Our team of specialists designs cyber insurance programs with comprehensive coverage for ransom payments and associated costs. Cyber policies may also include preparation and response support (such as resources for clients on incident response planning, employee training, legal and forensics, and breach notification services), as well as balance-sheet protection for first- and third-party costs and liabilities (lost revenue and extra expenses, regulatory fines and penalties, data and hardware restoration and repair, and reputational harm).

Ransomware readiness: This brief assessment efficiently analyzes and provides insights into an organization’s ransomware preparedness. It delivers numerical scores, benchmarks readiness, and provides findings via an executive-level report. You are assessed across ransomware-specific preparedness indicators in seven critical areas, including employee awareness, backup policies and procedures, and technical controls.

Ransomware insights: We provide clients with insights to better understand, measure, and manage ransomware as a business risk. We model potential attack severity, pinpoint potential vulnerabilities, and identify areas of potential improvement for insurance underwriting. This includes analysis of both historical and recent ransomware events. You can also tap into thought leadership resources, review potential vendors, and browse best practices — all in one central location.


Ransomware incident response planning: It is critical to develop a comprehensive incident response plan that enables organizations to prepare for, detect, respond to, and recover from a ransomware incident. This offering includes: identification of key stakeholders and their roles/responsibilities; development of response guidelines, procedures, and processes; establishment of event tracking; execution of detailed tabletop exercises; analysis of the financial impact of a ransomware incident; and identification and assessment of vulnerabilities in the plan itself.

Our ransomware incident response planning offering can help you, in collaboration with your counsel and regulatory experts, address specific concerns related to the October 1, 2020, ransomware advisories from the US Treasury Department’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN).