
Cyber Incident Response Road Map


d/b/a in California as Marsh & McLennan Insurance Agency LLC; CA Insurance Lic: 0H18131. Copyright © 2021 Marsh & McLennan Agency LLC. All rights reserved. MarshMMA.com

The following are often recommended steps upon suspected or determined unauthorized access or use of your computer network and/or of theft, loss, or unauthorized access or use of sensitive personally identifiable information or third party corporate information in your care, custody or control.

1. Gather your internal team and review your incident response plan.

2. With the appropriate internal knowledge holders (your incident response team), contact the carrier approved privacy counsel firm to initiate a triage call to discuss the situation and discuss recommended best steps in the investigation.

• A formal engagement letter may need to be signed with the privacy counsel firm. Engaging with privacy counsel helps ensure that the investigation and incident response maintain attorney-client privilege to protect the rights of the insured and to minimize third parties accessing or sharing details of the incident without your knowledge. This also can assist in protecting your reputation.

• Some cyber carriers have a 24/7 hotline which is the recommended starting point for fact gathering. Some carriers route this call internally through their claims staff or via a third party approved privacy counsel firm. Regardless, the triage intake call is a recommended first step. (A representative sample of carrier hotlines/emails is included below.)

• It is recommended to contact your insurance broker to be involved in formally putting your insurance carrier(s) on notice to be compliant from a reporting standpoint even if the incident does not further escalate.

3. If determined that external forensic/IT resources are needed for further investigation and remediation, the privacy counsel firm will formally request engagement with the carrier approved forensic firm that is recommended depending on the specific type of cyber incident.

• Forensic vendors can assist in determining the existence, cause and scope of the incident.


PayneWest.com/Cyber

This document is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Marsh & McLennan Agency LLC shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Any statements concerning actuarial, tax, accounting or legal matters are based solely on our experience as consultants and are not to be relied upon as actuarial, accounting, tax or legal advice, for which you should consult your own professional advisors. Any modeling analytics or projections are subject to inherent uncertainty and the analysis could be materially affected if any underlying assumptions, conditions, information or factors are inaccurate or incomplete or should change.

• In conjunction with privacy counsel, as the investigation ensues, you can also determine if your organization will need to:

— Hire a public relations or crisis communication firm.

— Notify affected individuals (or regulatory agencies) to be compliant with breach notification laws or other local, state, federal, international regulations.

— Establish a call center for affected individuals.

— Provide credit or identity monitoring / restoration services.

It is strongly recommended to use carrier approved incident response firms to help streamline the process and to minimize the chance of having expenses uncovered. You can report a Cyber claim directly to Marsh McLennan Agency at [email protected].

Representative Sample of Incident Response Firms

Legal Breach Coach/Responders

Forensics

Ankura, Bob Olson

+1 443 948 6812

Arete Advisors, Brookes Taney

+1 866 210 0955

Charles River Associates, Andy Obuchowski

+1 617 425 3549

PaloAlto/Unit 42, Brian Burke

+1 631 495 2041

+1 814 207 4007

Jim Leonard

+1 615 496 6749

+1 814 207 4007

Kivu, Nicholas Steinmann

+1 914 441 4999

AIG

+1 800 292 7345

Arch

+1 844 202 1600

AXA XL

+1 855 566 4724

Sompo

+1 844 347 7077

Starr

[email protected]

Travelers

+1 800 842 8496

Axis

+1 844 445 6097

Beazley

+1 866 567 8570

Chubb

+1 800 817 2655

CNA

+1 800 247 3968

Hanover

+1 800 385 5721

Hiscox

+1 855 447 2627

Liberty/Ironshore

+1 844 470 4766

Representative Sample of Carrier Cyber Claims Hotline

Clark Hill PLC, Melissa Ventrone

+1 312 360 2506

Lewis Brisbois, Sean Hoar

+1 971 712 2795

McDonald Hopkins, Jim Giszczak

+1 248 220 1354

Mullen Coughlin, John Mullen

+1 267 930 4791

Polsinelli PC, Bruce Radke

+1 312 463 6211

FireEye/Mandiant

+1 877 347 3393

[email protected]

+1 516 732 0300

Rob Driscoll

Kroll

Disclaimer: Marsh McLennan Agency is not responsible for the services provided by the outside service providers. Your carrier should be consulted on approved vendors before utilizing one of the above references. Sample list does not presume these firms are all included in every carrier’s approved panel list.