Ransomware, Cyber Insurance, and the GC's Role: New Executive Order, Risks Related to Payment, FBI Guidance

A live 90-minute CLE video webinar with interactive Q&A


Thursday, August 26, 2021

1:00pm-2:30pm EDT, 10:00am-11:30am PDT

Early Registration Discount Deadline, Friday, July 30, 2021


This CLE webinar will discuss how general counsel can assist and address a company's risk when facing a ransomware attack. The panel will discuss the executive order issued in May 2021 by the Biden administration instituting tech standards for businesses acting as government contractors to limit potential ransomware attacks. The panel will advise when and how cyber insurance can be utilized and what risks still exist when payment is made, if that possibility even exists, in light of the most recent increased attacks on Colonial Pipeline and SolarWinds.

Description

Ransomware has become a multibillion-dollar criminal enterprise projected to cause as much as $20 billion in global damages to companies in 2021. Ransomware attacks can result in disrupted or even crippled operations, as seen most recently in the massive ransomware attacks against Kaseya by REvil and against Colonial Pipeline by the DarkSide group. As companies continue to enhance their security and restoration capabilities to prevent or minimize the impact of a successful attack, ransomware actors likewise continue to escalate threats and adapt their tactics to overcome these measures.

Whether a company makes payment or not, the cost of lost business is the largest cost factor in determining the total cost of a data breach. Whether data is restored from backups or via a decryption tool, ransomware attacks typically involve significant downtime, and that downtime is increasing. Due to the likelihood of downtime and the inherent uncertainty surrounding restoration following a ransomware incident, general counsel may be especially well-served by incorporating a ransomware playbook into incident response plans, including consideration of whether to engage with the threat actor, whether to pay a ransom, how to evaluate the costs and value of a ransom, and the potential benefits and risks associated with paying a ransom.

The increasing frequency of ransomware attacks and rising amounts of ransom payments have placed renewed focus on the need for cyber insurance coverage. Some policies are unclear or ambiguous about their coverage of cybersecurity events, and other policies explicitly cover certain costs associated with cybersecurity events. Still, the unexpected severity of those events has contributed to industry-wide strain across insurers.

The Biden administration released a lengthy Executive Order on May 12, 2021, designed at least in part to respond to the supply chain risks associated with ransomware incidents. The Executive Order is broadly geared to address cybersecurity supply chain risk across the federal government. It is likely to create a series of digital safety standards with which federal agencies and their contractors will need to comply. These standards may include certifications of the integrity of their software, information systems, and vulnerability management provisions, with additional reporting requirements and penalties for violations.

Listen as our expert panel discusses the current upswing in ransomware attacks, what general counsel can do to assist a company in responding to these attacks, what types of cyber insurance are necessary, and how the Biden administration Executive Order--together with renewed FBI and other regulatory enforcement--will affect future attacks.

Outline

  1. Ransomware history
    1. SolarWinds attack
    2. Colonial Pipeline attack
  2. Role and considerations of general counsel
    1. Payment of a ransom does not avoid other costs to the company
    2. Review of cyber insurance coverage
    3. Adjust your compliance program to the changing regulatory enforcement risks
  3. Biden administration Executive Order
  4. FBI success in Colonial Pipeline case and future enforcement actions

Benefits

The panel will review these and other key topics:

  • What is the history of recent ransomware attacks on U.S. companies?
  • How can general counsel implement a ransomware contingency plan? When should payment be considered?
  • What issues with cyber insurance should counsel consider when assessing policies?
  • How is the Biden Executive Order impacting companies' ransomware preparedness policies?
  • How has the recent success of the FBI in recouping the Colonial Pipeline ransom affected future attacks?

Faculty

Lauren D. Godfrey, CIPP/US

Partner
Lewis Brisbois Bisgaard & Smith

Ms. Godfrey counsels clients across business sectors as to best practices in information privacy and data security. She...

Aaron K. Tantleff

Partner
Foley & Lardner

Mr. Tantleff focuses on providing legal and strategic guidance regarding information technology, outsourcing,...

Cannot Attend August 26?

You may pre-order a recording to listen at your convenience. Recordings are available 48 hours after the webinar. Strafford will process CLE credit for one person on each recording. All formats include program handouts.
