Ransomware attacks are growing in frequency, threatening the U.S. critical infrastructure, businesses, and public and nonpublic entities. It is also one of the most intractable and common threats facing organizations across all geographies. Key stakeholders have seen an increase in the average ransom payment by 43% to $220,298 in Q1 2021. With increasing sophistication and new targets, the impact of ransomware attacks in 2021 is going to be significant. Ransomware threat actors are adjusting their attack models putting businesses in a defensive mode. Most concerning is a new emphasis on double extortion ransomware attacks placing many victims in a catch-22 situation when deciding whether to pay to recover or suppress the publication of sensitive or even embarrassing information on the criminals’ leak site. This dangerous trend forces leaders to reassess risk, incident response strategy, ransom payment decision-making, insurance coverage, disaster recovery and business continuity. Join us as we discuss this complicated threat landscape, the U.S. Treasury Department/Office of Foreign Assets Control (OFAC) Advisory, legal/ethical considerations, mitigation strategies, and the cyber liability insurance market.
In addition to the speakers below, a representative from the Cybersecurity Infrastructure Security Agency (CISA), Department of Homeland Security will also join us. CISA is the nation’s risk advisor, working with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future.
Elizabeth Cookson, MS, EnCE | Director of Incident Response, Coveware | Washington, D.C.
- Elizabeth Cookson is director of incident response at Coveware and has extensive subject matter expertise in ransomware, cyber extortion negotiations and global threat intelligence.
Kelly Geary ACP, CCP, CIPP/US | Managing Principal, National Practice Leader – Executive and Cyber Risk, EPIC Insurance Brokers & Consultants of EPIC | New York City
- Kelly Geary is a managing principal with EPIC Insurance Brokers and Consultants based in the New York City area. She serves as the National Practice Leader – Executive and Cyber Risk. Kelly has spent approximately 28 years in the insurance industry. Kelly is actively involved in the evaluation, analysis, and negotiation of insurance products tailored to address operational, management and cyber risks and exposures to firms and companies of all sizes, across all industry segments. In addition, Kelly provides risk management counseling, policy and contract evaluation services and claim advocacy to professional service, consulting, and financial firms as well as large public and private companies in varying industry verticals. She is certified by the International Association of Privacy Professionals as a U.S. Information Privacy Professional (CIPP/US). Kelly also serves on the Executive Council and a faculty member of the Claims Litigation Management Alliance Claims College, School of Cyber. Kelly is involved in creating standards and best practices in the handling of cyber claims in connection with standalone cyber as well as cyber coverage contained within other insurance products. Kelly is also a certified Cyber Claims Professional (CCP) and Advance Claims Professional (ACP).
Karen Painter Randall | Connell Foley, LLP | Roseland, New Jersey
- Karen Painter Randall is a partner and Certified Civil Trial attorney at Connell Foley LLP, where she chairs the Cybersecurity, Data Privacy and Incident Response Group. With extensive experience advising on cybersecurity, data rights, and privacy laws and regulations, Karen provides proactive measures to safeguard enterprise data, including security assessments, policies and procedures, security awareness training, incident response plans, and cyber liability insurance. Importantly, she also serves as incident response counsel, leading the incident response effort quickly and efficiently on crippling data breaches, particularly those involving insider threats, wire transfer fraud/business email compromise, and ransomware attacks. She drives strategic solutions related to post-breach issues, including forensic and e-discovery investigations, statutory notifications, remediation, class action litigation, regulatory enforcement actions, and investigations. Karen received three presidential appointments to the American Bar Association’s Cybersecurity Legal Task Force and was recently named the Task Force’s Private Sector Liaison. Karen also chairs the USLAW NETWORK Cybersecurity and Data Privacy Group.
Kevin Szczepanski |Barclay Damon LLP | Buffalo, New York
- A trial and appellate lawyer who primarily concentrates his practice on insurance-coverage litigation and cyber risks, Kevin has extensive experience litigating directors and officers (D&O), errors and omissions (E&O), and property and casualty (P&C) coverage under both primary and excess policies. As co-leader of the Cybersecurity Team, Kevin represents businesses facing first- and third-party losses due to data breaches, service interruptions, theft, and other cyber threats. He represents clients in cybersecurity matters before state regulators. He also counsels clients on contract drafting and coverage for cyber risks and represents them in liability and coverage disputes. He has served as both lead settlement and trial counsel in highly sensitive business and coverage disputes. He also advises clients on insurance-policy drafting and underwriting issues.