According to a recent NYT article, more than 40 municipalities have been victims of ransomware attacks this year, including the 23 towns in Texas that were hit recently. This Wachtell Lipton memo predicts that ransomware is a growing threat for companies too – and offers these preparation & response tips:
Before an attack:
– Reduce ransomware exposure by implementing reliable backup processes for IT systems & critical data
– Get cyber insurance that covers costs associated with ransomware incidents
– Implement incident response plans – including elevation procedures
– Foster pre-attack relationships with law enforcement
Responding to an attack:
– Protect attorney-client privilege by assigning legal counsel a leadership response role & engaging other advisers through counsel
– Assess disclosure obligations – e.g. state & international data breach notifications, SEC and industry-specific disclosure requirements
– Determine notice requirements for insurers, vendors and customers
– Approach the decision whether to pay a ransom with great caution & careful deliberation
On that last point about whether to pay a ransom, a ProPublica article outlines the pros & cons for victims – and suggests insurers have an incentive to accommodate the attackers even if (or because?) doing so leads to more incidents. According to the article, cyber insurance is now a $7-8 billion/year market, and insurers know that could fall apart if nobody is worried about getting hacked.
-Liz Dunshee, The CorporateCounsel.net October 8, 2019
