We're sorry but your browser is not supported by Marsh.com

For the best experience, please upgrade to a supported browser:



Claims and Cleanup Information for WannaCry Ransomware Cyber-Attack


The ransomware cyber-attack that has hit hospitals, government agencies, and hundreds of thousands of computers in other organisations since May 12 was unprecedented in how quickly and widely it has spread.

If your organization has been impacted directly or indirectly through a customer or supplier, you should act quickly to contain the outbreak and collect information you may need to file a claim.

In the critical period after a cyber breach, businesses should:

  • Stop the damage. If you have not been able to contain the outbreak — or you are not sure whether you have contained it — you may need to contact a technology vendor. A cyber insurance policy may cover this expense, but it might require prior approval. Marsh is in partnerships with IT security consultants who will be able to assist with this.
  • Manage the initial response. Communicate the issue within your organization to stem the spread of the attack and assist in tracking your cyber response team’s claim-related activity.
  • Document the timeline of events. Tracking what occurred from the time of the breach through full recovery will assist in estimating the “period of recovery” for the loss.
  • Establish a protocol for identifying and properly categorizing claim-related costs. This will facilitate potential recovery against relevant insurance policies.
  • Provide analysis. Catalog all business interruption, extra expenses, or other financial impacts, even those not easily captured.

Marsh has teams specializing in Cybersecurity, Business Interruptions, Forensic Accounting & Claims, and Reputational Risk and Crisis Management.


You are leaving Marsh Broker Japan's website.  Marsh Broker Japan has provided this link for your convenience, but assumes no responsibility for the content, links, privacy policy or security policy of the website.

Do you wish to leave our website?