Interested in training for your team? Click here to learn more

Ransomware Attacks and Cyber Insurance: New Developments, Risks Related to Ransom Payments, FBI Guidance

Recording of a 90-minute CLE video webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Thursday, February 29, 2024

Recorded event now available

or call 1-800-926-7926

This CLE course will discuss how general counsel can assist and address a company's risk when facing a ransomware attack. The panel will discuss new developments, guidance, and regulations in this area, as well as provide advice on when and how cyber insurance can be utilized and what risks still exist when a ransom payment is made in light of recent noteworthy attacks.


Ransomware has become a multibillion-dollar criminal enterprise. Ransomware attacks can result in disrupted or even crippled operations. As companies continue to enhance their security and restoration capabilities to prevent or minimize the impact of a successful attack, ransomware actors likewise continue to escalate threats and adapt their tactics to overcome these measures.

Whether a company makes a payment or not, the cost of lost business is the largest cost factor in determining the total cost of a data breach. Whether data is restored from backups or via a decryption tool, ransomware attacks typically involve significant downtime, and that downtime is increasing. Due to the likelihood of downtime and the inherent uncertainty surrounding restoration following a ransomware incident, general counsel may be especially well-served by incorporating a ransomware playbook into incident response plans, including considerations into whether to engage with the threat actor, whether to pay a ransom, how to evaluate the costs and value of a ransom, and the potential benefits and risks associated with paying a ransom.

The increasing frequency of ransomware attacks and rising amounts of ransom payments have placed renewed focus on the need for cyber insurance coverage. Some policies are unclear or ambiguous about their coverage of cybersecurity events, and other policies explicitly cover certain costs associated with cybersecurity events. Still, the unexpected severity of those events has contributed to industry-wide strain across insurers.

Listen as our expert panel discusses the current landscape in ransomware attacks, what general counsel can do to assist a company in responding to these attacks, what types of cyber insurance are necessary, and how FBI and other regulatory enforcement will affect future attacks.



  1. Current regulatory guidance and developments
  2. Ransomware: overview
  3. FBI and other government agency alerts
  4. Role and considerations of general counsel
    1. Payment of a ransom does not avoid other costs to the company
    2. Review of cyber insurance coverage
    3. Adjust your compliance program to the changing regulatory enforcement risks
  5. FBI's prior success in recouping ransom payments and the impact on future enforcement actions
  6. Key takeaways


The panel will review these and other key topics:

  • What is the history of ransomware attacks on U.S. companies?
  • How can general counsel implement a ransomware contingency plan? When should a ransom payment be considered?
  • What issues with cyber insurance should counsel consider when assessing policies?
  • How has the prior success of the FBI in recouping ransom payments affected future attacks?


Rose, Rachel
Rachel V. Rose, JD, MBA

Rachel V. Rose – Attorney at Law

Ms. Rose is an attorney in Houston, Texas, whose primary practice areas are health care, with a focus on HIPAA and...  |  Read More

Waller, Elizabeth
Elizabeth B. (Beth) Waller

Chair, Cybersecurity and Data Privacy Practice
Woods Rogers Vandeventer Black

Ms. Waller is a cybersecurity and data privacy attorney who uses her significant experience in technology to counsel...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video