Claims and Cleanup Information for WannaCry Ransomware Cyber-Attack

The ransomware cyber-attack that hit hospitals, government agencies, and tens of thousands of computers on May 12 was unprecedented in how quickly and widely it has spread.

If your organization has been impacted directly or indirectly through a customer or supplier, you should act quickly to contain the outbreak and collect information you may need to file a claim.

In the critical period after a cyber breach, businesses should:

• Stop the damage. If you have not been able to contain the outbreak — or you are not sure whether you have contained it — you may need to contact a technology vendor. A cyber insurance policy may cover this expense, but it might require prior approval.
• Manage the initial response. Communicate the issue within your organization to stem the spread of the attack and assist in tracking your cyber response team’s claim-related activity.
• Document the timeline of events. Tracking what occurred from the time of the breach through full recovery will assist in estimating the “period of recovery” for the loss.
• Establish a protocol for identifying and properly categorizing claim-related costs. This will facilitate potential recovery against relevant insurance policies.
• Provide analysis. Catalog all business interruption, extra expense, or other financial impacts, even those not easily captured.

If you need help with any of these steps, contact Marsh Risk Consulting via your client executive or the Marsh Risk Consulting hotline at +1 212 345 9589 (866 928 7475 within the US and Canada).

Marsh Risk Consulting has teams specializing in cybersecurity, forensic accounting and claims, and reputational risk and crisis management.