Tabletop Exercises and Cyber Insurance: Key to Navigating Ransomware Attacks

In a guest column published by the Association of Corporate Counsel’s ACC Docket, Woods Rogers Principal and Cybersecurity & Data Privacy Chair Beth Waller joins Adam Yost, Corporate Counsel and Global Data Privacy Officer at Indivior, to provide legal departments with essential considerations for tabletop exercises and other preventative measures to boost cybersecurity preparedness.

The authors note, “When a ransomware incident strikes, the entire in-house legal department must swiftly mobilize to defend its organization, which is under siege by outside cybercriminals. The legal department’s role in this process is crucial, as they are responsible for working closely with IT to manage the legal aspects of the incident, such as regulatory notifications, contractual obligations, and potential litigation.”

Beth and Adam offer practical tips for tabletop exercises, including the importance of maintaining privilege and how regular review of response plans by the legal team can significantly impact the outcome in the event of an incident. They also cover how to review cyber insurance coverage in advance, so you know what’s covered – and what’s not.

“Many times, cyber insurance requires the use of specific ‘panel’ providers who have negotiated agreements with the carrier,” they write. “Know who those providers are and develop a relationship with them to speed up the response process, establish rapport, and hit the ground running. Equally important, identify the resources your organization may require that are not covered under the cyber insurance policy and determine how you will engage with them in a way that still preserves privilege.”

Read Beth and Adam’s column in the ACC Docket.