Tag Archives: cyber insurance

What’s Next for Ransomware

Finally, a bit of good news on ransomware: Federal investigators said Monday that they had recovered millions of dollars of the ransom that Colonial Pipeline paid to Russian hackers following their recent attack, which disrupted gasoline supplies up and down the East Coast.

The news may discourage ransomware hackers by showing them that they aren’t as invincible as they think — while they operate from countries that aren’t likely to cooperate with international enforcement and take payment in cryptocurrency, U.S. investigators tracked the Colonial Pipeline ransom to a digital wallet and recovered much of it. The news also underscores FBI Director Christopher Wray’s statement last week that ransomware attacks should be seen as terrorist activity that warrants a heavy response from law enforcement, suggesting that potential corporate targets and their insurers may receive much-needed help.

To understand where ransomware attacks and cyber insurance go from here, I sat down recently with Brian Brown, principal and consulting actuary at Milliman, and Paul Miskovich, consultant who has been working with Milliman on cyber issues. As you’ll see, they offered a modicum of optimism but raised some tricky issues that both insurers and corporate clients will face — and laid out some cyber threats that lie ahead even if ransomware starts to come under control.

Here is the conversation:


When we started planning this conversation, there had just been a high-profile ransomware attack, the one that shut down Colonial Pipeline and greatly restricted the availability of gasoline on the East Coast for days. We’ve since had an attack on JBS, which is the world’s largest meat seller and which provides a quarter of the beef and a fifth of the pork consumed in the U.S. Now that awareness is finally rising for this long-festering problem, what happens next?

Paul Miskovich:

For companies and clients, the attacks will drive investment in cyber resiliency.

The guidance from U.S. regulators and law enforcement, which has been very consistent, is that paying ransoms encourages bad actors to accelerate crimes involving ransomware. The Office of Foreign Assets Control and the Financial Crimes Enforcement Network released advisories in October that warned of sanctions for victims who make ransomware payments. So, you’re in a Catch-22 if you’re attacked. If you choose to pay, you may have to pay penalties. If you choose not to pay, you could suffer reputational harm and other financial losses from being shut down. So, the only correct thing to do is to invest more in cyber resiliency.


My thesis has been that the insurance companies should play a major advisory role because they are experts or at least more expert than the individual clients, based on all the cases they are seeing. Is that a reasonable thought?

Paul Miskovich:

It is, but there are issues.

Insurance companies are also affected by the OFAC advisory, and they have issues in making payments. They will need to start investing in technology partners to be able to make ransomware payments, which typically are done in cryptocurrencies. Insurers will also have to work more closely with law enforcement, to avoid sanctions and penalties. With respect to clients, insurers are going to have to work much more closely on prevention and resiliency.

And then you end up with other issues. Hackers will use AI and algorithms that accelerate the pace of the attack and could release confidential information, meaning that victims need to pay the ransom fast. So, insurance companies are going to have to figure out assessment and payment methodologies that work a lot faster than they work now.


Can intelligence and law-enforcement agencies like the FBI do more to spot attacks potentially coming from overseas and maybe even shut them down?

Paul Miskovich:

Agencies are going to have to increase their scale, because they don’t have the necessary resources to address the growing cyber threat. There’s a whole criminal network behind ransomware that’s exchanging money in the form of cryptocurrencies, so law enforcement has to get to a level of sophistication that it can use blockchain and other technologies to track the flow and disrupt the perpetrators.


What are all these threats doing to insurers and to rates?

Brian Brown:

From 2015 to 2020, premium growth for cyber insurance has been in excess of 25% a year, and the current cyber premium is about $2.3 billion a year. It’s possible that’s understated, because carriers may not be reporting all of the cyber premium. Also, this is just premium written by U.S. domestic companies.

We started to see a big tick up in claims in 2019. The 2019-2020 claim activity has been more than double 2017.

Loss ratios were pretty favorable for stand-alone cyber policies from 2015 to 2018, below or close to 50%. But in 2020 the loss ratio was 73%. That’s assuming that the carriers are perfectly reserving the exposure. We’ve looked at some other data for policies just written in 2020, and the indicated loss ratios, early on, may be much higher than 73%.

A lot of big companies have pretty tight security plans; the medium-sized companies not as much. So, there may be much heavier rate activity for the medium-sized companies. But the fundamental issue is, which insurers can determine new more robust variables that predict the likelihood of a cyber loss.

And, if you’re insuring somebody, you want to provide risk management services to reduce their probability of a cyber event, whether that’s providing courses to employees or software to IT departments to measure cyber resilience. You also really need a qualified staff to handle claims.

The predictions are that premiums will continue to grow well in excess of 25% annually for years to come. So, I think we’re on the cutting edge of a great opportunity for a lot of insurance companies, if they’re able to do it right.


Do you want to speculate a bit on what the next threat will be, beyond ransomware?

Paul Miskovich:

I see three. The first one, undeniably, is the exploitation of cloud computing vulnerabilities. Next are the cyber security breaches originating from vulnerabilities in ecosystems, where the victim is provided services, especially web applications, through a third-party offsite server. That area of exposure is going to continue to increase. The other one is that the sophistication of exploits is increasing with artificial intelligence and self-learning algorithms. Denial of service attacks are becoming especially dynamic. The algorithms are quicker and more effective. The algorithm chooses one or more methods of attack using behavioral analysis of the network to try to figure out how to get through the defenses.


On the theory that we should fight the next war, not the last one (as generals famously are said to do), are there particular things you would recommend that anyone in this ecosystem — the clients, the insurers, the regulators or the investigative agencies — should do to prepare us better for those next threats?

Paul Miskovich:

I feel that Congress should establish federal minimum cyber security standards for private businesses. And law enforcement and regulators should put forth information campaigns educating the public. Together, they will set a common basis of knowledge and preparation and will drive investment in cyber resiliency, while improving private companies’ responsiveness to quickly evolving threats.

As for critical infrastructure — energy, transportation and healthcare — I think they require much, much deeper resiliency planning.

We don’t really know what the next attack will be, but if we all have the same baseline through training and standards, and we’re all sharing information, then our responses can be more effective.

Brian Brown:

We’re seeing a hard market now, but if we were to get one or several large events, in the $100 million to $1 billion range, we’d see an extremely hard market, and quite possibly capacity issues. So, some are looking at alternative capital sources to provide cyber coverage. We’re also seeing some MGAs and insurtechs actually doing the underwriting, which is likely to be a growing trend.

Paul Miskovich:

Many of the later entrants in the cyber market think it’s more efficient to use specifically targeted, talented teams coming out of MGAs.

Brian Brown:

There are some additional benefits from the MGA relationship, because, if you’re not happy with the performance of the portfolio, it’s easier to exit. So, it’s a quicker ramp up and an easier exit.


Thanks to you both. This has been a great discussion.



P.S. Here are the articles I’d like to highlight from the past week:

Behavioral Science and Life Insurance

Carriers must fully grasp human biases and behaviors and harness technologies to improve health.

Ready for the Fully Connected Future?

The key for insurers is to think beyond a single transaction and be “partnership-ready,” which also means becoming “ecosystem-ready.”

The Promise of Predictive Models

Big data and AI will uncover insights that allow smart carriers to acquire the most profitable clients and avoid the worst.

Key to Transformation for Auto Claims

AI is critical to processing and assessing all inputs and removing friction. Yet AI alone cannot deliver transformation.

Auto Insurers Prep for Summer Driving

By taking steps now to update, optimize and digitize processes, insurers will be prepared to help customers through this likely difficult time.

Different Flavors of Transformation

Transformation and improvement are not the same, and insurers should use different approaches to the two types of innovation.

Does Cyber Insurance Add to Ransomware?

An increasing number of articles on the topic would have you believe so, and it is a question we’ve long pondered as one of the larger providers of cyber insurance in North America.  

The Wall Street Journal just published an article, “As Ransomware Proliferates, Insuring for It Becomes Costly and Questioned,” highlighting a surge in the cost of cyber insurance amid mounting claims from ransomware and speculating that insurance payouts may only be encouraging ransomware attacks.

A spokesperson for Tenable stated it plainly: “[T]he insurance company pays the ransom, the criminals make more money, so they make more ransomware, which leads to more insurance, which leads to more payment, and so we get into this vicious cycle.”

Logical. Or is it?

What causes ransomware?

Ransomware is not just a type of malware. It is a criminal business model in which the perpetrator seeks to obtain benefit by taking hostage a victim’s data, infrastructure, economic output, intellectual property or even privacy. It is extortion in its purest form, and it won’t go away for so long as organizations allow assets of value to be taken hostage. Whether an organization purchases insurance or not has no bearing on the value of the underlying assets taken hostage. Nor in the vast, vast majority of cases are organizations targeted because they have an insurance policy – this simply isn’t information that an attacker has prior to an initial compromise.

Organizations are targeted by threat actors because they have made poor technological choices, oftentimes exposed to the public internet, that make them targets. They are targets of opportunity. Phishing, internet-exposed remote network access, and unpatched internet-facing software and devices account for the vast majority of ransomware targeting and initial compromise. Unfortunately, there are more opportunities (i.e. vulnerable targets) than there are criminals to exploit them, and, as a result, most ransomware actors prioritize targets based on their size and financial resources, which is used as a proxy for the value of assets taken hostage and the victim’s ability to pay. We have seen first-hand communication between threat actors in which an organization gets a “pass” because it isn’t large enough.

The role of insurance in paying ransoms

Nearly all cyber insurance policies cover ransomware, including ransom amounts, but also digital forensics and incident response (DFIR) costs to respond to the ransomware event, costs to restore and recover lost assets, as well as resulting business interruption losses (i.e. lost income). From our experience, no one wants to pay a ransom. Certainly not the insurance company and almost never the client. Both have the same amount of hostility as if you’d kidnapped their children and won’t agree to pay a ransom unless it is a last resort. Often, assets can be restored without doing so, and with the insurance policy covering the other costs and lost income – exactly as intended.

However, occasionally assets cannot be restored. No backups and no recourse. Pay the ransom or face existential ruin. This is the unenviable position some organizations find themselves in, and the majority do not have insurance. For those that do, there is coverage if the policyholder elects to pay. Because it is impossible to ever be 100% secure, 100% of the time, insurance is literally the only thing that can provide protection against the possible eventuality of a ransomware attack in which an organization has no other means to recover. Moreover, because insurance policies cover the costs of experienced DFIR vendors, or also provide such services directly, as in our case, insured organizations are able to negotiate ransom demands down (nearly 100% of the time, in our experience) something a victim would have a considerably more difficult time doing on its own.

See also: Cyber Risk Impact of Working From Home

While some insurers are pulling back on coverage, and even eliminating it, and while there is chatter of public policy efforts to render extortion uninsurable or otherwise prevent extortion payments from being made, it would be a tremendous disservice to the organizations affected by these attacks to prevent the insurance industry from continuing to innovate to fight cybercrime. It is impossible to imagine how much worse the world would be without insurance. 

Not only do insurance companies provide a tremendously valuable service, they have a unique ability to encourage – even enforce – the basic cybersecurity hygiene that is so desperately needed. They can also do so at a considerably lower cost than organizations can by themselves.

The role of insurance in fighting cyber crime

There is literally no industry better positioned to fight cybercrime than the insurance industry. Insurers have one thing in common that others (including cybersecurity companies) do not: a direct financial incentive to protect insured clients and prevent financial loss.

To have an impact commensurate with our position, we must act to:

  • Improve underwriting standards across the board. In today’s market, an organization should struggle to get coverage if it has not implemented multi-factor authentication (MFA), disabled remote network access on the internet or implemented any number of other highly effective security controls. The insurance industry can and is serving as one of the single most effective enforcers of cybersecurity hygiene at scale. We’ve written about how we do this in another post, “Underwriting ransomware: Our unique approach and what it means for our customers“.
  • Provide risk engineering services to customers at little to no cost. Many insurance providers, like Coalition, are now continuously collecting data on insureds and following claims and using this information to alert other customers to imminent risks. In our case, we do this automatically and at no additional cost to the policy premium. We did this to dramatic effect following the recently disclosed zero-day vulnerabilities in Microsoft Exchange. As we published in our blog, within 48 hours of the disclosure we identified nearly 1,000 potentially affected policyholders. Today, we have only six vulnerable policyholders (!).
  • Maintain effective ransomware coverage for those that need it most. This will mean balancing public policy objectives while avoiding actions that disenfranchise businesses (particularly small businesses). Moreover, any move to make ransomware “uninsurable” would likely (and ironically) hinder, not foster, innovation in the cyber insurance market. Many, although not all, insurers have made dramatic progress in protecting clients from ransomware. Coalition customers report 1/20th the frequency of ransomware claims vs. the broader market, by our own estimates, because we help each achieve a threshold of cybersecurity hygiene that dramatically lowers the likelihood of a successful ransomware attack.

It is in the collective interest of all that, as an industry, we tackle this problem with innovation rather than merely regulation.

Intersection of AI and Cyber Insurance

Exhibitioners at the Century of Progress International Exposition held in Chicago from 1933-1934 touted washing machines and air conditioners as capable of bringing vast changes to our everyday lives. This optimism for future generations is inherent within the human psyche. As such, we often speak of artificial intelligence (“AI”) as a lofty, almost dream-like reality that awaits us in the not-so-distant future. 

But AI proliferates today and extends beyond the entertainment-based efficiencies embedded within Netflix and TikTok that we read about; attorneys apply AI to document review projects; vehicle manufacturers use AI to control a vehicle’s acceleration, speed and steering; hospitals and doctors are using AI to triage and diagnose patients; and biotech companies increasingly rely on AI to model the potential success of newly developed therapies and vaccines. 

Insurance carriers remain optimistic about the efficiencies to be gained by implementing AI-based applications into their workflows. The same is true for cyber insurance carriers, who over the last eight to 10 years entered the market to meet the needs of customers who seek protection from potential financial and operational ruin due to the rise of ransomware and other malicious activity perpetrated by cyber criminals. And, while AI is sure to benefit society when wielded properly, cyber carriers remain conscious that AI’s proliferation is a double-edged sword. Thus, cyber insurance will have an even greater role to play in an AI-dominated world.

The reasons are twofold:

First, harm from cyber attacks will be more widespread because of the threat posed by more sophisticated AI-based attacks. By using an AI-based attack, malicious actors will be able to operate in ways that are both highly efficient and highly scalable. For example, rather than disguising malware as an email attachment in a message from “your boss,” or hawking magic pills, a sophisticated AI-based attack may be capable of personalizing, instantaneously, the malicious email (or other vehicle) received by each target victim. 

Second, increasingly intelligent cyber attacks are likely to bring greater cost and consequences. Cyber-attacks today inflict financial harm and disrupt the productivity of the victim but generally do not alter people’s livelihood or society at large. We will see that blast radius grow exponentially in the future when malicious actors deploy cyber attacks against those AI-based systems that society increasingly relies on for day-to-day operations.

Look at the recent attack on the Colonial Pipeline and what it’s done to gasoline prices in the eastern U.S. Citizens’ freedom of movement may be jeopardized when a future cyber attack against a vehicle manufacturer not only disrupts assembly line production but also paralyzes entire fleets of autonomous vehicles operating on the vehicle manufacturer’s software. Or, in a more dire situation, if there is malicious disruption of the AI-based systems at the core of a vehicle’s control system. Disrupted AI-based hiring systems could also result in significantly slower access to available low-wage jobs. And patients may suffer or die when a hospital loses its ability to intelligently triage and provide treatment. In sum, the outcomes from a cyber attack could be devastating.

See also: Surging Costs of Cyber Claims

But the future is not entirely bleak. Cybersecurity firms and professionals continue to improve on threat detection and elimination tools by harnessing AI. These types of tools and software are capable of intelligently digesting data points gathered from both past and current attacks across a massive scale. Decreasing response time via the real-time adjustment of threat detection applications is among the myriad ways AI is changing the cybersecurity landscape. 

The adoption of AI by the insurance industry is also bringing about a paradigm shift. The most prominent example is Lemonade, a property and casualty insurer that makes decisions about policy underwriting and claims processing based entirely on AI. Lemonade went public via IPO in summer 2020; it raised $319 million in a single day. Opportunities for innovation abound.

As society absorbs AI into the framework of industry and people’s lives it should expect to reap enormous benefits but also protect those benefits by preparing for and managing attendant risks.

Wake-Up Call on Ransomware

The ransomware attack that shut down the 5,500-mile Colonial Pipeline, the largest fuel pipeline in the U.S., contains two important seeds of opportunity.

First, the federal government looks like it may get much more involved in preventing or at least prosecuting cyber attacks, specifically for important infrastructure like pipelines and electric grids, but perhaps more broadly, too.

Second, the attack raises the profile of the ransomware problem to the point that insurance clients may no longer be able to ignore it — which they mostly have even as ransomware activity quintupled globally between the first quarter of 2018 and the fourth quarter of 2020, according to Aon. This higher profile will create the opportunity for insurers to work with clients to finally step up their defenses.

Let me be clear, lest I come across as Polyannaish: This was a serious assault on a major piece of infrastructure and will likely result in higher gasoline prices, at least in the eastern half of the U.S. The attack also raises the prospect of devastating assaults on other pieces of key infrastructure, both in the U.S. and around the world. In addition, because the ransomware attack was arranged by a criminal ring in Russia, the attack brings into play all sorts of geopolitical issues that go well beyond what happens when some lone criminal hacks his way into a single corporation.

I’m merely suggesting that good things could also come out of the attack by the DarkSide group in Russia, because it underscores two problems that have long been obvious but that have somehow been ignored. The actions spurred by the attack won’t be perfect solutions by any means, but they should help.

The main action looks to be an aggressive response by the federal government, which has struck me as too passive as criminal gangs have greatly stepped up their ransomware attacks. There are limits to what the government can do against international gangs like DarkSide — it’s not as though President Biden can just call Vladimir Putin to complain and have him say, “Oh, sure, I’ll get right on it” — but having the Feds in the game should help a lot.

The other main action — the big opportunity for insurers — will occur because companies will increasingly see their vulnerability (finally!) and request help from the experts: the insurance companies that deal with cyber issues every day.

Thought leaders have been warning about ransomware for ages here at ITL — look at “5 Questions That Thwart Ransomware,” “A Dangerous New Form of Ransomware” and “Ransomware Becomes More Pernicious.”

Look, in particular, at this recent article: “How to Combat the Surge in Ransomware,” from Tokio Marine HCC’s Cyber and Professional Lines Group. It describes what I think is the ideal approach for insurers assisting their clients, not just by selling insurance but by helping them reduce their risks — steering clients toward state-of-the-art tools (priced based on the insurer’s bulk discount) that monitor vulnerabilities, toward using multi-factor authentication, toward training, etc.

As long as the bad guys have shown they can work together and take down big targets like the Colonial Pipeline, the good guys need to work together, too. That surely means more help from the federal government on what is a national and, increasingly, international problem but also means insurers need to step up and deliver the sort of expertise and counsel that they possess uniquely and that define the industry’s noble purpose.



P.S. Here are the six articles I’d like to highlight from the past week:

Workers Comp Trends for Technology in 2021

An efficient workflow passes 60% to 70% of medical bills straight through; workers’ comp has a long way to go.

Are Your Healthcare Vendor’s Claims Valid?

This article, the first in a series, looks at how regression to the mean is often misused to justify false claims about the success of wellness programs.

4 Ways to Seize the Latent Demand

Consumers recognize now more than ever the importance of adequate insurance coverage. Now is the time to seize on this opportunity.

Time to Reimagine the Finance Function

What’s possible for finance has been redefined: Comprehensive data makes it easier to connect performance across the business.

Tapping Into Life, Health Innovation

Those who welcome outsider participation in innovation can unlock new solutions without needing to reinvent their current businesses.

Insurance and Financial Protection

If the life insurance crisis is hard to understand, we must make it easy to comprehend. The insurance industry must lead us through this crisis.

Essential Steps for Cyber Insurance

Almost daily, news reports cover ransomware attacks involving Garmin; the world’s largest cruise line operator; the Las Vegas school district; Brown-Forman, the manufacturer of global distilled spirits brands like Jack Daniels and Finlandia; and the University of Utah, among other victims.

The attacks illustrate ransomware’s far-reaching and costly impact in terms of exposed data, disrupted operations and ransoms paid: Intruders claiming responsibility for the Brown-Forman attack, for example, said they had copied a terabyte of confidential internal network data and threatened to share it online, as part of the extortion. The cruise line operator, Carnival, experienced the compromise of guest and employee personal data. The Las Vegas school district notified employees that their Social Security numbers may have been stolen. The University of Utah reportedly arranged to pay more than $455,000 to satisfy a ransom demand, while Garmin reportedly paid $10 million after certain web sites, customer support and user application functions were blocked.

Clearly, companies are living in an age of high cyber risk. In addition to ransomware – which is targeting three of five organizations – wildly lucrative business e-mail compromises (BECs) are also behind mounting financial losses. Through BECs, adversaries create fake but authentic-looking e-mails (often disguised to look like they were sent by a high-level executive) to trick employees into wiring money into bank accounts controlled by the bad guys. Like ransomware, BECs are generating lucrative returns for fraudsters, costing U.S. businesses more than $300 million a month – up from $110 million a month in 2016, according to the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN).

To minimize the fallout from these and additional risks, organizations are increasingly investing in cyber insurance, a global market projected to reach $28.6 billion by 2026, up from an estimated $4.85 billion two years ago, according to a forecast from Allied Market Research. Cyber insurance often covers a company’s liability for data breaches leading to the compromise or loss of customers’ Social Security numbers, credit card accounts, health records and other personally identifiable information (PII). These insurance policies can also help a targeted organization cover the costs of customer breach notifications, fraud monitoring and the restoration of personal identities.

To be sure, cyber insurance is a significant investment. Acquired and managed correctly, this insurance coverage becomes part of an integrated cyber risk posture complementing security controls and policies. However, the insurance can bring a false sense of security and lead to coverage gaps and expensive disputes with carriers, if corporate IT, legal, risk and business leaders do not collaborate closely on the following essential action steps to take before updating or acquiring new coverage:

Inventory your assets – and understand their value

The IT ecosystem is much more dynamic today. The traditional perimeter no longer applies in the global, mobile age of digital transformation. There are more remote employees, third-party partners and non-traditional connected devices. Companies operate anywhere and everywhere, which leads to negotiating and purchasing coverage based on incomplete views of true assets and risks — increasing the probability of costly disputes. A single shift like moving e-mail, storage and other applications to the cloud, for example, could get entirely overlooked – and uncovered. That’s why IT and a cross-functional team of leaders must develop a comprehensive, current view of these assets and their role in supporting business continuity, customer services and the accomplishment of strategic/bottom-line goals.

An objective, “data-first” approach proves critical in visualizing and managing coverage requirements. Cyber insurance evaluation team members need to pinpoint where the data resides, and where it travels to, i.e., which non-traditional networked devices, new partners or regional offices it touches. Even if entirely new parties are not handling the data, team members must determine if they’re storing information in new internal locations and form factors, which may make the data more susceptible to theft or exposure.

See also: The Missing Tool for Cyber Resilience

Understand what is covered, and what is not

The cybersecurity profession uses terminology like “compromise,” “intrusion” or “incident.” The insurance domain assigns very specific meaning to works like “theft,” versus “loss” and “damages.” These terms are not interchangeable, and the stakes for coverage disputes and litigation are high because so much turns on whether a cybercriminal “broke in” to steal or ransom something, for example — versus tricking a victim to e-mail the attacker sensitive files figuring in a compromise.

Therefore, it’s critical to know coverage and limits before an incident, with the leadership team mapping out plausible attack scenarios and consequences, along with a range of possible outcomes in the form of stolen data, business disruptions, brand reputation damage and customer churn. Then, team members must ensure that these outcomes are covered in the scale and scope of coverage.

Enlist a digital forensics and incident response partner before you buy

Many organizations benefit from sharing their initial cyber insurance checklists and assessments with a trusted digital forensics and incident response (DFIR) partner experienced in cyber insurance investigations and related matters. A DFIR partner familiar with your business and industry sector brings invaluable “outside eyes” on potential coverage gaps and helps ensure your team will be able to preserve files and document how an incident occurred, maximizing the likelihood that accurate claims for covered incidents are processed as quickly as possible. 

Policyholders benefit from “writing-in” (specifying) the DFIR partner as the designated, go-to response firm for incidents. Otherwise, the carrier will designate a response firm from its list of default contractors – vendors that do not command the same level of knowledge about a firm’s IT ecosystem and operations. And default vendors work for the insurance provider to reduce its liability, instead of committing to the interests of the policyholder.

See also: How COVID Alters Claims Patterns

Cyber insurance is a booming part of the risk management world spurred on by current events. It can be a key part of your organization’s safety net. But, like any net, it can come with holes – holes that can amount to an unnecessarily expensive proposition for companies that fail to recognize and eliminate them. By combining complete IT asset awareness with granular attention to detail about coverage, an organization can move forward with its DFIR partner to ensure the continuous improvement of risk mitigation and containment efforts no matter how forbidding the circumstances – along with the right insurance plan for these uncertain times.