Regulators are often warning firms about the importance of cyber security readiness and the obligations of registrants to ensure that that there is a documented incident response plan to address cyber security incidents. The Canadian Investment Regulatory Organization (CIRO) has released a “playbook” resulting from its 2023 cybersecurity table-top exercises for small and medium sized CIRO member firms. During these studies, participants discussed crisis responses and shared information related to responding to both a ransomware attack and an insider threat event. CIRO’s published Ransomware Response Playbook (the Playbook), authored by Juno Risk Solutions at CIRO’s request, has been created as a guide when dealing with a ransomware attack, where malware is placed on a target’s computer system to lock out those systems for ransom in exchange for a key and/or a promise not to release stolen data.
The Playbook runs through the risks of a cyber incident, as well as suggested immediate responses such as the creation of a cyber incident response team (to conduct initial incident triage) and escalation to the business continuity and executive teams as appropriate. The Playbook also emphasizes the importance of evaluating the possibility of legal action and whether the incident should be subject to legal privilege. Notification to a firm’s cyber insurance provider or insurance broker is also discussed, as is stakeholder management and a high-level risk-based impact assessment framework. It is suggested that the framework can help the executive team prioritize response efforts, consider the range of impact to the business, and help decide whether to pay the ransom.
In addition, the Playbook contains a helpful table of risk impact considerations including financial, operational, and regulatory factors to help those impacted make decisions with respect to the ransom demand. The importance of post-crises analysis is emphasized, indicating that investigating the cause of the crisis, acting on any wider cultural problems and looking for opportunities to change may provide both a competitive advantage and improve firm resilience.
February 29, 2024