Municipality exercises caution over suspicious EDR alerts
State Level Government - Local Government
Coverages: Breach Response
1. Breach response included the engagement of an incident response firm; the insured selected Coalition Incident Response.
2. The claim scenarios described here are intended to show the types of situations that may result in claims. These scenarios should not be compared to any other claim. Whether or to what extent a particular loss is covered depends on the facts and circumstances of the loss, the terms and conditions of the policy as issued and applicable law.
Something just wasn’t right. A municipality began noticing suspicious activity in its Endpoint Detection and Response (EDR) alerts. They couldn’t discern what was happening but were concerned they were looking at the start of ransomware activity. So they exercised caution, shut down their network, and called Coalition’s Claims hotline late that evening.
After the scoping call, an investigation was set up early the following morning. The municipality’s Breach Response coverage kicked in, and Coalition Incident Response (CIR) got to work immediately to investigate the activity. Within 48 hours of the initial call to Coalition, CIR helped the municipality get its systems back up and running.
In the meantime, our Claims team helped the municipality proactively prepare a communication strategy for both employees and residents affected by the possible attack. In less than two weeks, CIR wrapped up its investigation and determined there was no malicious activity in the municipality’s network. From there, CIR assisted them with configuration changes to their EDR so they wouldn’t see the confusing information in the future.
Every minute counts if there’s a threat actor in your network. It was a cautious (and smart) move by this municipality to reach out to Coalition and shut down their systems the moment they detected suspicious activity. Because they had Breach Response coverage¹ ², the fees to investigate the anomalies were completely covered under their insurance policy². The only cost the municipality incurred was for counsel, which fell under its retention.
Coalition² brings together active monitoring, incident response, and comprehensive insurance to solve cyber risk. To learn more, visit coalitioninc.com.
© 2024 Coalition, Inc. | Licensed in all 50 states and D.C. | CA License # 0L76155