Research Report
Ransomware reoriented
5-MINUTE READ
March 30, 2022
In the immediate aftermath of a ransomware attack, it’s vital to understand business priorities. Yet, it’s often unclear who has decision-making authority or overall accountability, which can slow response and recovery efforts.
Defining a crisis decision framework up front involves identifying decision-making thresholds aligned to the business strategy, the organization’s risk tolerance, its cyber communications strategy and clear accountability for both technical and business decisions during a crisis event. What’s more, it’s essential to regularly review that decision-making criteria, fine-tuning it over time to keep pace with organizational change.
From shaping the communications strategy, to implementing a balanced approach to threat containment and eradication—or tackling whether to pay or not to pay a ransom—documenting and exercising a crisis decision framework can help organizations better prepare, speed up responses and, ultimately, ease the pressures of extortion demands.
increase YoY in ransomware and extortion attacks.
of ransomware attacks impacted organizations based in the United States, followed by Italy 8%, Australia 8%, Brazil 6%, and Germany 6% (Top 5 Countries).
Source: Accenture Cyber Investigations, Forensics & Incident Response Engagements.
By adopting a strong communications plan, leaders can tackle ransomware for what it is—a crisis that needs to be handled in a business-focused manner.
Robert Boyce / Managing Director, Accenture Security
Three key challenges highlight the need for greater alignment between security and the business, before during and after a cyber crisis event:
Traditional crisis response plans need to evolve—ransomware is a business risk, not simply a security problem.
Enterprise crisis response is a team sport and demands a business-focused crisis management function to deal with modern destructive events.
Existing crisis communications lack the transparency and agility to adapt to new cyber complexities.
A pre-defined decision framework, coupled with a greater understanding of the industry, its regulations, and customers, can support more robust crisis communications.
Ransomware is borderless—it impacts the enterprise, third-party ecosystems and multiple business stakeholders.
As attack surfaces evolve, crisis response needs to extend to address impacts on customers, corporate subsidiaries, suppliers, third parties, investment portfolios, and merger and acquisition targets.
Here are some practical steps to help manage and modernize a ransomware response:
01: Enhance your business preparedness
02: Communicate openly with care
03: Get the CEO and Board onboard