Academy - Cyber Crisis Management

A blurred image of a Youtube video

This video content is only available to Airmic members. To view this content please login or register to become an Airmic member today.

Kroll Cyber experts will take you through a typical cyber crisis experienced by hundreds of companies daily. We will look at the indications that something might be wrong, the type of information available, how response teams operate, and ultimately the information executives and boards receive. We will consider the decisions which must be taken by the company and their advisors in order to return to business as usual.

Last year, Kroll experts responded to over 2500 cyber crisis events for their clients globally. Many of these events involved the theft or encryption of confidential data. Using their experience gained over these and many other crisis events, two of Kroll’s senior staff will provide a “case study” of a typical incident, the players involved, the information they need to make critical decisions, the role of external advisors and experts and ultimately the potential for regulatory notification and the additional demands that places on the response team.


  • Andrew Beckett, Regional Managing Director EMEA Kroll Cyber
  • Ioan Peters, Managing Director and DFIR Lead EMEA, Kroll Cyber

By the end of the session, you will be able to:

  1. Identify key security roles within an organisation.
  2. Explain the types of information needed to support a response.
  3. Describe the roles of external advisors (external counsel, digital forensics, crisis comms) and how the interact with the in-house response team and the claims manager.
  4. Evaluate the role of the regulators and the potential need for regulatory notification, not just to the regulators, but to consumers as well.
  5. Appreciate the types of decisions faced by a company suffering a cyber incident and the time pressures when making them.

This session will be of interest to underwriters and claims handlers beginning to work within cyber and/or handling cyber policies.

Grouping title: