What's Happening?

Marsh provides a ransomware checklist: does your business incorporate these best practices?

Cyber-attacks remain a top business risk year after year, increasing in frequency, severity, and sophistication. At the top of the cyber-attack list? Ransomware.

Ransomware has become an industry, and every organisation is a potential target. Attacks now routinely disrupt operations for days or weeks. Companies with poor cyber hygiene can become low-hanging fruit.

Cyber-attackers are constantly evolving their tactics and scanning corporate technology environments to identify companies with poor cyber hygiene, such as lax controls or unpatched software. The increase in attack sophistication shows no signs of slowing.

Planning is everything. Spiros Fatouros, Marsh Africa CEO, shares best practices that your business can adopt.

Plan and test. Develop or update your existing incident response plan to include ransomware considerations. Once your incident response plan is in place and accounts for ransomware, put it to the test by practicing a hypothetical ransomware scenario.

Develop a decision-making framework. Use this to help analyse whether you can restore data and systems on your own and whether it makes sense to pay an extortion demand.

Establish ransom payment criteria. This includes the amount of the initial extortion demand, the threat actor’s track record of negotiating the initial demand downward, the threat actor’s history of providing working decryption code upon payment of the ransom, and an estimate of the length of time it will take to restore data and systems using the decryption code.

Ensure regular backups and periodic data restoration testing. Storing backup data offline and offsite in a secure manner can substantially expedite recovery from an attack. Businesses should conduct tests to confirm that backed-up and restored data will work in a live environment.

Update your software. Patch regularly to maintain the security of applications and operating systems. Address all critical patches immediately.

Enhance security awareness. Cybersecurity awareness training for employees is an important cyber hygiene practice, as employees are the first line of defence against phishing attacks.

Consider ransomware as part of your organisation’s broader risk management efforts. Take into account your risk tolerance, cybersecurity controls, cyber insurance coverage, broader enterprise risk management programs, and value chain as you review and develop your ransomware plans and prepare for the possibility of an attack.

Transfer your risk. Risk transfer can help protect an organisation’s balance sheet and provide resources if risk mitigation tactics fail. Cyber insurance can provide comprehensive coverage for ransomware attacks, including for ransom demands, business downtime, and associated costs.