What information is most essential for the board/executives to decide whether to pay ransomware attackers (in cases where ransom payment is not banned)?

Threat Intelligence & Incident ResponseRisk Management
2.4k viewscircle icon5 Comments
Sort by:
Director of IT in Healthcare and Biotecha year ago

I agree with Evan Marks' comments.  The only thing I would add is making sure the board has been briefed by law enforcement as well.

Director Of Information Technology in Manufacturinga year ago

A document recovery plan that has been documented, executed and proven. This provides insight for executives on what down time may be involved. 

Director of ITa year ago

It's a combination of the above.

There are several key inputs to the decision.  1.  Do you have a strong DR/ECP Plan and how long would it take for you to recover?  2. What is the loss of Revenue and Profit during this timeframe?  3. What Legal issues and costs  could also arise from being unable to provide services during this time? Are lives at risk?  4) What would it take to put safeguards in place to  prevent a repeat attack? 5) Lastly, what are the chances that payment of the ransom will truly prevent the attacker from coming after you again?  Overall, Paying a ramson should be a last resort and spending money up front to minimize the chances of a successful ransomware attack should  be strongly considered

Lightbulb on1
Vice President, Infrastructure Architect in Finance (non-banking)a year ago

A *realistic* estimate of how long it will take to get back to full operations in either scenario.  Management needs to know what kind of costs/losses they incur in either case.  This is not the time to sugarcoat or attempt to be the hero/pull off a miracle.

IT Manager in Constructiona year ago

I believe you can't add more, the opinion are pay or not pay with the second one highly suggested.
I believe the board can only count the votes.

Content you might like

What are your organization’s drivers for implementing RegTech?

Support future growth36%

Automate manual processes59%

Demonstrate compliance49%

Reduce risk exposure43%

Improve customer experience16%

Reduce costs13%

View Results

How do you manage risk with contractors in your supply chain?

Keep hard copies and file paperwork13%

Update spreadsheets to create reports44%

Use a digital supply chain management solution27%

Partner with a third-party vendor11%

Other (comment below)3%

View Results

How are you socializing quantum-safe cryptography with your organization's leadership team? What’s your approach to the messaging around that given the complexity?

Read More Comments

What sorts of failsafe processes/controls, etc, do you rely on to make sure terminated or suspended employees’ access credentials are revoked immediately? Does your org generally rely on direct communications from HR or do you have an HRM or similar system to automate this?

Excluding CVE, what other vulnerability databases/info sources do you use currently? Have you developed any contingency plans to lean on in case the CVE program loses funding?