Skip to main content
Marsh logo

Article

Ransomware: How to Create a Comprehensive Incident Response Plan

It is crucial to create a comprehensive incident response plan as the first step to prepare for any ransomware incidents that may take place.
Person's name and title

By Kelly Butler

Cyber Practice Leader, Marsh Specialty

23/08/2022 · 2 minute read

Ransomware attacks are escalating, with more frequent and sophisticated attacks being seen globally in the past year. In the face of a devastating ransomware attack, many companies experience a “paralysis” that significantly lessens the effectiveness of their response. They are often caught off guard — and these hesitations and slow decisions can have significant financial and operational impacts. It is crucial to create a comprehensive incident response plan as the first step to prepare for any ransomware incidents that may take place.

Over the years, Marsh has helped countless organisations craft ransomware incident response plans and tailor cyber coverage to help them prepare for the unexpected. In this guide, we share our insights to help your organisation avoid response paralysis and recover quickly from an attack.

Pre-Incident

The value of preparing in advance for the possibility of a ransomware attack cannot be overstated. Here, we explore numerous considerations, from identifying your options to developing internal policies and guidance to understanding regulatory implications and potential sanctions.

During the Incident

This is where your planning will pay off. We provide insight into key areas during the incident, such as minimising your exposure and working with your carrier, along with the all-important question of whether to —and how to—pay the ransom.

Post-Incident

The work doesn’t end after a ransomware attack is resolved. We provide specific guidance around recovery, including identifying additional weaknesses to strengthening your plan for the future.

Contact Us

For more information about Cyber Risk and how Marsh can support your business, please contact your Marsh representative.

Remove Response Paralysis with a Comprehensive Incident Response Plan

Download now

Related insights

Mountains and lake aerial view

Article

The price of privacy risk: Managing the wide range of data exposures

11/11/2024
Business Colleagues Walking

Article

Emphasising preparedness: The role of out-of-band communications in cyber incident response

11/11/2024
Aerial view of a walkway bridge

Article

Amendments to the SOCI Act: Another step forward in the 2023-2030 Australian Cyber Security Strategy

07/11/2024
Chicago skyline aerial view

Article

Navigating Australia’s evolving cybersecurity landscape: 4 key features of the Cyber Security Bill 2024

07/11/2024
View more

Marsh Pty Ltd (ABN 86 004 651 512 AFS Licence No. 238983) arrange this insurance and are not the insurer. The information contained in this publication provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Insureds should consult their insurance and legal advisors regarding specific coverage issues. All insurance coverage is subject to the terms, conditions, and exclusions of the applicable individual policies. Marsh cannot provide any assurance that insurance can be obtained for any particular client or for any particular risk. If this communication contains personal information we expect you to treat that information in accordance with the Australian Privacy Act 1988 (Cth) or equivalent. You must advise us if you cannot comply. © Copyright 2022 Marsh Pty Ltd. All rights reserved. LCPA: 21/134.