The first 48 hours in cyber incident response and claims
Gallagher has linked the early stages of cyber incident response to both operational outcomes and insurance issues. The firm notes that a cyber incident is reported in Australia about every six minutes, meaning organisations may need to make decisions under time pressure when responding to an attack. The brokerage’s cyber and technology specialists report that ransomware and extortion incidents now frequently involve data exfiltration as well as, or instead of, system encryption. Even when systems are restored from backups, attackers may threaten to release information, extending the incident from a technical disruption to legal, regulatory, and reputational consequences. According to the firm’s guidance, initial steps usually include isolating affected systems, protecting backups and privileged accounts, preserving forensic artefacts, and engaging specialist incident response providers. Gallagher also notes the value of a defined internal decision-making structure so that technical, legal, communications, and insurance workstreams are coordinated rather than handled separately.