First is the hiring of an outside consultant to come in and make sure that all files are clean and the hackers are not still "in the system" roaming around or parked with a Trojan Horse waiting for a future opportunity to exploit their previous intrusion.
Then there is the mention of the city of Baltimore which is now, post-attack, purchasing $20M in cybersecurity insurance. I'm sure that they are wishing they had the insurance before the 2019 attack on their networks.
Today, cyberinsurance should be part of a normal risk management portfolio for governments and businesses.
