Published: 9 February 2023
Case Study: Lessons from Ransomware attack on Mercury IT
Provided by Delta Insurance New Zealand
One of the most common cyber security threats impacting businesses is ransomware attacks. You may have seen in the media a randsomware attack in December 2022 involving the government clients of Mercury IT, a Managed Services Provider (MSP). The Ministry of Justice and Te Whatu Ora (Health New Zealand) were among some of the public authorities impacted.
This “Supply Chain Hack” cyber attack delivered multiple lessons. While the incident confirms why specialist insurance is a vital component of cyber risk mitigation, it also demonstrates the necessity for cyber security due diligence when selecting your MSP including:
- Providing proof of appropriate cyber insurance
- Maintaining a formal, documented cyber security plan, demonstrating effective network security protocols
- Documenting internal security policies
- Offering Service Level Agreements which include documented Mean Time to Recovery and evidence of a fully tested disaster recovery plan
- Inclusion of cyber security incident notification clauses in the contract documentation