Ransomware Task Force calls for better incident reporting

Members from the Ransomware Task Force called for better incident reporting during a panel at RSA Conference 2022.

The RSA panel was titled “Progress in the Year of Ransomware: Analysis with the Ransomware Task Force” and featured four members of the task force: Phil Reiner, CEO of the Institute for Security and Technology (IST); Megan Stifel, IST chief strategy officer; Michael Phillips, chief claims officer at cyber insurer Resilience; and Michael Daniel, president and CEO of Cyber Threat Alliance.

The Ransomware Task Force is a public-private partnership formed last spring by the IST and dedicated to disrupting the threat of ransomware. The panel reviewed efforts made over the past year and served as an opportunity to discuss progress that still needs to be made.

A key piece of the panel focused on incident reporting, which requires ransomware victims to notify the U.S. government after they’ve been struck by a cyber attack. The panelists discussed how difficult it is to get a complete picture of ransomware when public- and private-sector sources often have very different tallies when it comes time to present attack statistics each year.

“The FBI, through its IC3 reporting mechanism, came out with its ransomware reporting statistics, and it’s extraordinarily low compared to what even a specialist cyber insurance company would see year in, year out,” Phillips said. “So we still see this data gap, whether it’s per unit of government or institutions like insurance companies, which aggregate the victim’s data and experience. We’re all seeing very partial aspects of the picture, which makes the reporting requirements that we’ve been discussing so, so important.”

In a report that launched alongside the task force, four recommendations were made to support victims. These included clarity from the U.S. Treasury in its ransom payment guidance, a recovery fund for organizations that refuse to pay the ransom, the creation of a ransomware attack reporting standard and a requirement that organizations disclose ransomware payments to the government prior to paying.

Stifel said progress has been made on all four fronts, and while there is still a ways to go in some aspects (specifically…