The paper provides a view for re(insurance) organisations on the risks associated with ransomware, providing insights specific to the insurance industry. The paper discusses ransomware trends, regulatory developments and the threat profile for insurers, it also examines ransomware groups and the strategies they operate when launching attacks. The paper then looks at the defence measures that (re)insurance organisations can leverage on to prepare for ransomware attacks, reduce the risk of compromise and manage the impact of any attack. A chapter is devoted to the CRO Forum member’s view on the key controls, making reference to the NIST Cybersecurity Framework, that should be prioritised in response to the ransomware risk. The paper closes with a brief summary on ransomware and the CRO Forum’s management recommendations on minimising the risk of the ransomware, this is further supported by an appendix that can be used as a tool to assess an organisation’s internal controls and resilience to ransomware attacks.
