Upload
others
View
16
Download
0
Embed Size (px)
Citation preview
Learn More
d/b/a in California as Marsh & McLennan Insurance Agency LLC; CA Insurance Lic: 0H18131. Copyright © 2021 Marsh & McLennan Agency LLC. All rights reserved. MarshMMA.com
Cyber Incident Response Road MapThe following are often recommended steps upon suspected or determined unauthorized access or use of your computer network and/or of theft, loss, or unauthorized access or use of sensitive personally identifiable information or third party corporate information in your care, custody or control.
1. Gather your internal team and review your incidentresponse plan.
2. With the appropriate internal knowledge holders (yourincident response team), contact the carrier approved privacycounsel firm to initiate a triage call to discuss the situation and discuss recommended best steps in the investigation.
• A formal engagement letter may need to be signed with theprivacy counsel firm. Engaging with privacy counsel helpsensure that the investigation and incident response maintainsattorney-client privilege to protect the rights of the insuredand to minimize third parties accessing or sharing details ofthe incident without your knowledge. This also can assist inprotecting your reputation.
• Some cyber carriers have a 24/7 hotline which is therecommended starting point for fact gathering. Some carriersroute this call internally through their claims staff or via a thirdparty approved privacy counsel firm. Regardless, the triageintake call is a recommended first step. (Representative sampleof carrier hotlines/emails are included below.)
• It is recommended to contact your insurance broker to beinvolved in formally putting your insurance carrier(s) on noticeto be compliant from a reporting standpoint even if the incidentdoes not further escalate.
3. If determined that external forensic/IT resources areneeded for further investigation and remediation, theprivacy counsel firm will formally request engagement withthe carrier approved forensic firm that is recommendeddepending on the specific type of cyber incident.
• Forensic vendors can assist in determining the existence, causeand scope of the incident.
Business Insurance
Employee Health & Benefits
Private Client Services
Retirement Services
PayneWest.com/Cyber
This document is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Marsh & McLennan Agency LLC shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein. Any statements concerning actuarial, tax, accounting or legal matters are based solely on our experience as consultants and are not to be relied upon as actuarial, accounting, tax or legal advice, for which you should consult your own professional advisors. Any modeling analytics or projections are subject to inherent uncertainty and the analysis could be materially affected if any underlying assumptions, conditions, information or factors are inaccurate or incomplete or should change. d/b/a in California as Marsh & McLennan Insurance Agency LLC; CA Insurance Lic: 0H18131. Copyright © 2021 Marsh & McLennan Agency LLC. All rights reserved. MarshMMA.com
• In conjunction with privacy counsel, as the investigation ensues,you can also determine if your organization will need to:
— Hire a public relations or crisis communication firm.— Notify affected individuals (or regulatory agencies) to be
compliant with breach notification laws or other local, state, federal, international regulations.
— Establish a call center for affected individuals.— Provide credit or identify monitoring / restoration services.
It is strongly recommended to use carrier approved incident response firms to help streamline the process and to minimize the chance of having expenses uncovered. You can report a Cyber claim directly to Marsh McLennan Agency at [email protected].
Representative Sample of Incident Response Firms
Legal Breach Coach/Responders
Forensics
AnkuraBob Olson
+1 443 948 6812
Arete AdvisorsBrookes Taney
+1 866 210 0955
Charles River AssociatesAndy Obuchowski
+1 617 425 3549
PaloAlto/Unit 42Brian Burke
+1 631 495 2041
+1 814 207 4007
Jim Leonard
+ 1 615 496 6749
+1 814 207 4007
KivuNicholas Steinmann
+1 914 441 4999
AIG
+1 800 292 7345
Arch
+1 844 202 1600
AXA XL
+1 855 566 4724
Sompo
+1 844 347 7077
Starr
Travelers
+1 800 842 8496
Axis
+1 844 445 6097
Beazley
+1 866 567 8570
Chubb
+1 800 817 2655
CNA
+1 800 247 3968
Hanover
+1 800 385 5721
Hiscox
+1 855 447 2627
Liberty/Ironshore
+1 844 470 4766
Representative Sample of Carrier Cyber Claims Hotline
Clark Hill PLCMelissa Ventrone
+1 312 360 2506
Lewis BrisboisSean Hoar
+1 971 712 2795
McDonald HopkinsJim Giszczak
+1 248 220 1354
Mullen CoughlinJohn Mullen
+1 267 930 4791
Polsinelli PCBruce Radke
+1 312 463 6211
FireEye/Mandiant
+1 877 347 3393
+1 516 732 0300
Rob Driscoll
Kroll
Disclaimer: Marsh McLennan Agency is not responsible for the services provided by the outside service providers. Your carrier should be consulted on approved vendors before utilizing one of the above references. Sample list does not presume these firms are all included in every carrier’s approved panel list.