Ransomware Attacks and Cyber Insurance: New Developments, Risks Related to Ransom Payments, FBI Guidance
Course Details
- smart_display Format
On-Demand
- signal_cellular_alt Difficulty Level
Intermediate
- work Practice Area
Corporate Law
- event Date
Thursday, February 29, 2024
- schedule Time
1:00 p.m. ET./10:00 a.m. PT
- timer Program Length
90 minutes
-
This 90-minute webinar is eligible in most states for 1.5 CLE credits.
This CLE course will discuss how general counsel can assist and address a company's risk when facing a ransomware attack. The panel will discuss new developments, guidance, and regulations in this area, as well as provide advice on when and how cyber insurance can be utilized and what risks still exist when a ransom payment is made in light of recent noteworthy attacks.
Ms. Waller is a cybersecurity and data privacy attorney who uses her significant experience in technology to counsel clients on cybersecurity risk management, incident response, and privacy laws. As Chair of the firm’s Cybersecurity and Data Privacy Practice, her experience on the intersection of technology and the law is extensive. Ms. Waller is a Certified Information Privacy Professional with both U.S. and Europe designations (CIPP/US & CIPP/E) and a Certified Information Privacy Manager (CIPM) from the International Association of Privacy Professionals. Clients ranging from Fortune 200 companies to municipalities and universities, and spanning industries such as manufacturing, healthcare, banking, and energy depend on Ms. Waller for advice and counsel on risk management, data security, and regulatory compliance. She also advises clients in high-tech fields such as biotechnology and software development and has worked with clients pioneering new technologies such as blockchain and IoT devices. Ms. Waller specializes in critical infrastructure cybersecurity incident response, with experience leading teams bringing complicated systems back online after cyber attacks. She has led cyber crisis management responses across different industries and has experience with the intersection of NERC CIP, GLBA, and HIPAA with cybersecurity incident response.
Ms. Rose is an attorney in Houston, Texas, whose primary practice areas are health care, with a focus on HIPAA and securities law. She is extensively published and presents on a wide variety of topics. Professionally, she has worked on Capitol Hill, interned at HHS and the Royal College of Nursing in London, as well as working on Wall Street.
Ransomware has become a multibillion-dollar criminal enterprise. Ransomware attacks can result in disrupted or even crippled operations. As companies continue to enhance their security and restoration capabilities to prevent or minimize the impact of a successful attack, ransomware actors likewise continue to escalate threats and adapt their tactics to overcome these measures.
Whether a company makes a payment or not, the cost of lost business is the largest cost factor in determining the total cost of a data breach. Whether data is restored from backups or via a decryption tool, ransomware attacks typically involve significant downtime, and that downtime is increasing. Due to the likelihood of downtime and the inherent uncertainty surrounding restoration following a ransomware incident, general counsel may be especially well-served by incorporating a ransomware playbook into incident response plans, including considerations into whether to engage with the threat actor, whether to pay a ransom, how to evaluate the costs and value of a ransom, and the potential benefits and risks associated with paying a ransom.
The increasing frequency of ransomware attacks and rising amounts of ransom payments have placed renewed focus on the need for cyber insurance coverage. Some policies are unclear or ambiguous about their coverage of cybersecurity events, and other policies explicitly cover certain costs associated with cybersecurity events. Still, the unexpected severity of those events has contributed to industry-wide strain across insurers.
Listen as our expert panel discusses the current landscape in ransomware attacks, what general counsel can do to assist a company in responding to these attacks, what types of cyber insurance are necessary, and how FBI and other regulatory enforcement will affect future attacks.
- Current regulatory guidance and developments
- Ransomware: overview
- FBI and other government agency alerts
- Role and considerations of general counsel
- Payment of a ransom does not avoid other costs to the company
- Review of cyber insurance coverage
- Adjust your compliance program to the changing regulatory enforcement risks
- FBI's prior success in recouping ransom payments and the impact on future enforcement actions
- Key takeaways
The panel will review these and other key topics:
- What is the history of ransomware attacks on U.S. companies?
- How can general counsel implement a ransomware contingency plan? When should a ransom payment be considered?
- What issues with cyber insurance should counsel consider when assessing policies?
- How has the prior success of the FBI in recouping ransom payments affected future attacks?
