Claims and Cleanup Information for WannaCry Ransomware Cyber-Attack

The ransomware cyber-attack that has hit hospitals, government agencies, and hundreds of thousands of computers in other organisations since May 12 was unprecedented in how quickly and widely it has spread.

If your organization has been impacted directly or indirectly through a customer or supplier, you should act quickly to contain the outbreak and collect information you may need to file a claim.

In the critical period after a cyber breach, businesses should:

• Stop the damage. If you have not been able to contain the outbreak — or you are not sure whether you have contained it — you may need to contact a technology vendor. A cyber insurance policy may cover this expense, but it might require prior approval. Marsh is in partnerships with IT security consultants who will be able to assist with this. 
• Manage the initial response. Communicate the issue within your organization to stem the spread of the attack and assist in tracking your cyber response team’s claim-related activity. 
• Document the timeline of events. Tracking what occurred from the time of the breach through full recovery will assist in estimating the “period of recovery” for the loss. 
• Establish a protocol for identifying and properly categorizing claim-related costs. This will facilitate potential recovery against relevant insurance policies. 
• Provide analysis. Catalog all business interruption, extra expenses, or other financial impacts, even those not easily captured.

If you need help with any of the above, contact your Marsh representative, or drop us a note at asia.information@marsh.com.

Marsh has teams specializing in Cybersecurity, Business Interruptions, Forensic Accounting & Claims, and Reputational Risk and Crisis Management.