
The Effects of a Cyber Security Incident Response Plan: A Real-Life Scenario


Today, a comprehensive cyber security incident response plan has become vital to the data security of businesses in every industry. The right cyber insurance policy is the most important aspect of that plan. It can be difficult to fully understand the influence that these proactive steps can have until you’re actually faced with a cyber incident.

ProWriters President Brian Thornton spoke on this topic at NetDiligence’s Cyber Risk Summit in 2019. His workshop broke down an interactive cyber breach scenario (based on real-life incidents) to demonstrate how a cyber security incident response plan affects a business’s ability to recover from an attack.

Here, we take one of these real-life incidents and analyze the impact a proactive cyber security incident response plan has on the damages of an actual cyberattack.

The Scenario: A Ransomware Attack

A ransomware attack holds a computer network hostage, denying access until a ransom is paid.


You run a for-profit healthcare provider. Your threat detection tells you you’re the victim of a ransomware attack. All employees have been locked out of the corporate network.

Within minutes, you receive a voicemail from an anonymous hacking group that takes responsibility for the attack and demands $1M in bitcoin to unlock the network.

What Would You Do?


Your post-incident response to the attack has an enormous impact on the severity of the damages. Some may argue that because the demand is roughly equal to your deductible, you should just pay the ransom and forgo notifying your insurance carrier.

However, your IT engineer cautions against paying the demand: the systems are encrypted with BitLocker, and the IT team should be able to decrypt the data if you give them some time.

So, do you pay the ransom? It’s a difficult decision to make. With a cyber security incident response plan in place, a competent cyber insurance carrier can help you make the right decision.

The Problem Persists

It’s day three and your system is still down, seriously inhibiting your ability to conduct business. Your IT team insists that they are prioritizing reformatting systems and restoring data from backups. They say this is the best way to get up and running quickly and deliver patient care.

What Would You Do?

Do you continue the investigation or focus on recovery?

Investigations are costly. A dedicated cyber liability policy includes coverage for IT forensics costs, one of the most important parts of responding to a data breach.

The Media Gets Involved

News of the attack has leaked to the public, and the media starts to call. Renowned investigative reporter Brian Krebs from Krebs on Security reaches out asking for a comment, along with other members of the press.

As a result, patients are now worried that their medical records have been stolen and are demanding answers.

What Would You Do?

Media coverage in these kinds of events is often unavoidable. A comprehensive cyber security incident response plan and cyber insurance policy prepare for this by instituting a crisis management protocol.



The Government Investigates

As the situation evolves, you get a call from the FBI. They have opened an investigation and need access to certain devices.

Information security is regulated, particularly where sensitive personal data such as medical records or payment information is involved. Companies that fail to meet their data security responsibilities can face heavy fines and penalties.

What Would You Do?

The details of if and when you engage law enforcement must be included in your cyber security incident response plan. In this particular case, the Health Insurance Portability and Accountability Act (HIPAA) regulations would likely apply. In the event of non-compliance, the government can impose significant fines. With a cyber insurance policy in place, these will be covered.

The Depth of the Breach Is Revealed

You finally regain access to your system. Your forensic IT investigation finds evidence that malware captured sensitive information, including medical records and contact information, on thousands of patients. You and your legal counsel, appointed through your cyber insurance carrier, determine that notification is necessary.

What Would You Do?

You know you have to notify the patients, but how? A dedicated cyber insurance policy includes coverage for notification costs, including the expenses associated with customer and regulatory notifications. In some cases, this may involve the setup and operation of a call center, which can be very costly without coverage.

Lessons Learned: Cyber Insurance Is Key to Cyber Security

From the moment the ransomware attack was discovered in our scenario, cyber liability insurance played a crucial role. At every decision point, coverage was vital to navigating and surviving the fallout of the breach.

No cyber security incident response plan is complete without dedicated cyber insurance coverage to protect your data integrity. At ProWriters, we have 25 years of experience delivering tailored policies that meet a wide range of needs. To learn more about what ProWriters can do for you, speak with a cyber expert today.
