Ransomware: You Don’t Always Have to Pay


Ransomware attacks are growing in frequency, threatening the U.S. critical infrastructure, businesses, and public and nonpublic entities. It is also one of the most intractable and common threats facing organizations across all geographies. Key stakeholders have seen an increase in the average ransom payment by 43% to $220,298 in Q1 2021. With increasing sophistication and new targets, the impact of ransomware attacks in 2021 is going to be significant. Ransomware threat actors are adjusting their attack models putting businesses in a defensive mode. Most concerning is a new emphasis on double extortion ransomware attacks placing many victims in a catch-22 situation when deciding whether to pay to recover or suppress the publication of sensitive or even embarrassing information on the criminals’ leak site. This dangerous trend forces leaders to reassess risk, incident response strategy, ransom payment decision-making, insurance coverage, disaster recovery and business continuity. Tune in as we discuss this complicated threat landscape, the U.S. Treasury Department/Office of Foreign Assets Control (OFAC) Advisory, legal/ethical considerations, mitigation strategies, and the cyber liability insurance market.



    • Daniel Sutherland | Chief Counsel for CISA, the Cybersecurity and Infrastructure Security Agency | Washington, D.C.
    • Elizabeth Cookson, MS, EnCE | Director of Incident Response, Coveware | Washington, D.C.
    • Kelly Geary ACP, CCP, CIPP/US | Managing Principal, National Practice Leader – Executive and Cyber Risk, EPIC Insurance Brokers & Consultants of EPIC | New York City


Designed & Developed by Peak Seven