Strategic cyber adviser to the CEO & Board - Medibank Private

Ashurst Risk Advisory was retained by Medibank Private Limited, Australia's largest private health insurer, prior to a 2022 cyber attack to uplift cyber response policies and plans and conduct simulation training. We were then appointed as the principal adviser to the CEO and Board from the first day of the attack, working closely with the crisis management team on all aspects of the attack. 

Our solution 

We acted as the strategic adviser to the crisis team and Board on setting priorities and objectives, planning the activities of the crisis management organisation and project management, communications and stakeholder management, customer wellbeing, the forensic investigation, communications with the threat actor, the decision to pay, or not pay a ransom, liaison with law enforcement, the scope of post incident reporting and the long term strategy to recover brand and reputation. 

We were subsequently asked by Medibank to appear on the ABC Four Corners program to assist in explaining the complexity of high impact cyber attacks and the challenges organisations face when encountering them for the benefit of the broader community. 

Client outcomes 

Medibank’s strategic management of government stakeholders and focus on mitigating customer harm, while navigating a highly public ransom threat, was seen as market leading and helped to protect Medibank's market share and reputation.