Hit by ransomware? Should you confer with the FBI?

September 20, 2023
Laptop map superimposed connections

The FBI serves as the lead federal agency for investigating cyber attacks by criminals, and is publicly committed to collecting and sharing intelligence and engaging with victims, “while working to unmask those committing malicious cyber activities, wherever they are.”1

Companies who have partnered with the FBI have reported a variety of benefits, including:

Collaboration: The FBI has publicly committed to treating a victim like a victim and to collaborating closely with outside counsel to navigate any legal concerns.
Compliance: In certain cases (e.g., matters of national, economic, or public health and safety security) laws and/or regulations require companies to report cybersecurity incidents. Reporting to the FBI can help the company fulfill these compliance requirements.
Confidentiality: The FBI is mindful of the reputational risks and harm these incidents may cause. Accordingly, information shared with the FBI is kept confidential.
Deterrence: The FBI routinely engages with information security teams to share information it knows about threats and provide recommendations to mitigate the impact of the incident.
Insurance: Reporting cyber incidents to law enforcement, such as the FBI, can help bolster insurance claims. Certain cyber insurance policies require cooperation with law enforcement as part of the claims submission process.
Mitigation: Sharing information about the tactics used by threat actors helps the FBI update its approach and mitigation procedures, and further protects your company and other potential targets of similar incidents.
Relationships: Collaboration with the FBI and other law enforcement agencies, where appropriate, facilitates cooperation between the public and private stakeholders, leading to more effectively addressing cyber incidents in the long term.
Relevance: The FBI is typically interested in the technical details related to these incidents (not privileged communications or unrelated documents).
Resources: Leveraging its unique law enforcement authorities allows the FBI to seize assets/infrastructure and more quickly disrupt the threat.
Support: If the incident becomes public, strategic cooperation with law enforcement can strengthen the victim’s position with shareholders, insurers, lawmakers, and media to better support the victim’s data breach response.

Key contacts