FIND US
ABOUT US
PERSPECTIVES FROM
THE RISK ECOSYSTEM
CYBER INCIDENT RESPONSE:
READ IN FULL:
DOWNLOAD THE REPORT
Please fill in the form to receive a copy of the report:
INSIDE
Today’s risk owners need to navigate a highly interconnected risk landscape, where the roles and responsibilities of multiple stakeholders intersect. Nowhere is this more evident than with cyber incident response.
If you have agreed to receive our communications and updates, you can change your preferences or unsubscribe at any time.
By clicking below, you consent to allow S-RM to store and process the personal information submitted above to provide you the content requested.
HOW TO ENSURE AN EFFECTIVE CYBER INCIDENT RESPONSE
Our report brings together insights from global insurer AXA XL, international law firms BakerHostetler and Osborne Clarke, ransomware specialist Coveware, S-RM senior advisor Giles Cockerill, CBE, and S-RM’s ethical hacking team, cyber security consultants and incident responders.
HACKERS ‘WITH ORGANISATION’:
THE BUSINESS OF CYBERCRIME
Cyber-attacks are almost always committed by individuals. Yet, when we dig beneath the surface of any cyber-attack, we often uncover an environment that would be difficult for one person to coordinate.
UP AND OUT, IN AND DOWN: THE BOARD’S RESPONSIBILITIES IN A CYBER INCIDENT
A company’s board has a key role to play in managing cyber risk and incident response – both as a collective and as individuals with legal fiduciary responsibilities. Those found wanting may face career-limiting personal as well as corporate penalties.
HERE’S THE GAME PLAN: INCIDENT RESPONSE AND THE ROLE OF CYBER INSURANCE
When an organisation realises it has been hit with a cyber-attack, the instinct is to panic. Christine Flammer, Team Leader for AXA XL’s claims division, recounts a standout incident her team has responded to.
LEGAL REPRESENTATION & CYBER INCIDENT RESPONSE: EXPERT INSIGHTS FROM THE US & UK
S-RM spoke with BakerHostetler’s Ted Kobus and Osborne Clarke’s Charlie Wedin to get their perspectives on the role of legal counsel in cyber incident response. A number of core tenets emerged.
IN FOCUS:
NEGOTIATING WITH A CYBER EXTORTIONIST
“Responders need to be constantly learning, researching and intuitively responding to how threat actors and the cyberthreat ecosystem are evolving. Simultaneously, though, cybercriminals are doing exactly the same thing.”
BEYOND THE TECHNICALITIES:
CYBER INCIDENT RESPONDERS AND THE IMPORTANCE OF RELATIONSHIPS
The most successful responders are not just technically savvy, they are experts in rapidly building constructive relationships with people under pressure.
WHO IS HOLDING YOUR DATA FOR RANSOM? A CONVERSATION WITH COVEWARE
When faced with a ransomware attack, the question of whether or not an organisation should pay or negotiate with the attacker always arises. Gaining some key insights into who your attacker is can help targets answer that question more confidently.
TWO VERY DIFFERENT TRANSACTIONS: PHYSICAL VERSUS CYBER EXTORTION
Whilst both are criminal, the ransomware-extortionist’s approach tends to be purely transactional: ‘give me money and I’ll give you a decryption key’, whilst the kidnapper’s tends to be along the lines of ‘give me money or I’ll kill…’, still transactional – but with a radically more affecting lever.
“The threat actor is arguably the central node in the cyber risk ecosystem – they are the threat to which all other parties are responding.”
“Organisations today must comply with data regulations across multiple regions, covering not only their own physical locations or jurisdictions of incorporation, but also those of the individuals and businesses they serve.”
PERSPECTIVES FROM INSIDE THE RISK ECOSYSTEM