Posted by Ray Garcia, Matt Gorham, and John Boles, PricewaterhouseCoopers, on Saturday, May 10, 2025
Summary
As ransomware attacks rise globally, boards need to actively engage in strengthening cybersecurity and resilience planning. With advanced attack methods and the growing “ransomware as a service” ecosystem, organisations face increased vulnerability, particularly with the shift towards remote work and third-party dependencies. This article discusses the importance of cybersecurity fundamentals and preparedness strategies for boards to effectively respond to ransomware incidents.
Key Points
- Ransomware attacks continue to escalate in frequency and complexity, creating significant risks for companies.
- Proactive preparation and business resiliency planning can notably reduce operational downtime and financial losses post-attack.
- Board members should ask critical questions regarding cybersecurity measures, incident response capabilities, and recovery plans.
- Deciding whether to pay a ransom involves weighing various risks, including reputational and financial implications.
- Companies should have guided procedures for handling ransom payments, emphasising communication and strategic planning.
Why should I read this?
Ransomware isn’t just a tech issue; it’s a boardroom concern that can massively impact a company’s future. This article breaks down what your board should be doing to tackle ransomware threats head-on. If you’re part of a management team or board, reading this can save you from potential chaos down the line. We’ve done the heavy lifting, so get a grip on what you need to know to keep your organisation safe.