When natural disasters strike, first responders rush to the scene. In the aftermath, homeowners turn to their insurance carriers to help them pick up the pieces. Although the process is often onerous, most homeowners are able to rebuild. When a cyberattack occurs, incident responders are deployed to contain and isolate the crime scene, trace the criminals’ steps and limit the damage. If it’s a ransomware attack, this process may take longer and require more resources and decisions—many of which may be dictated not by a company’s security leader or senior executives but by the insurance carrier. To ensure an insurance claim can be made in the aftermath of a breach or attack, many cyberinsurance carriers are now requiring involvement in every step of the incident response process, including ransomware negotiations and payment decisions.