
Research Report

Ransomware reoriented


March 30, 2022

In brief

  • Ransomware is often seen as a technology or security problem—not an issue to be tackled by the business, for the business.
  • Existing recovery strategies that are tuned to traditional business continuity plans are no longer enough.
  • Business leaders can recover from attacks more quickly if they understand—and prepare for—ransomware’s implications across the whole organization.

The ransomware evolution

In the immediate aftermath of a ransomware attack, it’s vital to understand business priorities. Yet, it’s often unclear who has decision-making authority or overall accountability, which can slow response and recovery efforts.

Defining a crisis decision framework up front involves identifying decision-making thresholds aligned to the business strategy, the organization’s risk tolerance, its cyber communications strategy and clear accountability for both technical and business decisions during a crisis event. What’s more, it’s essential to regularly review those decision-making criteria, fine-tuning them over time to keep pace with organizational change.

From shaping the communications strategy, to implementing a balanced approach to threat containment and eradication—or tackling whether to pay or not to pay a ransom—documenting and exercising a crisis decision framework can help organizations better prepare, speed up responses and, ultimately, ease the pressures of extortion demands.


increase YoY in ransomware and extortion attacks.


of ransomware attacks impacted organizations based in the United States, followed by Italy 8%, Australia 8%, Brazil 6%, and Germany 6% (Top 5 Countries).

Source: Accenture Cyber Investigations, Forensics & Incident Response Engagements.

By adopting a strong communications plan, leaders can tackle ransomware for what it is—a crisis that needs to be handled in a business-focused manner.

Robert Boyce / Managing Director, Accenture Security

What's happening?

Three key challenges highlight the need for greater alignment between security and the business, before, during and after a cyber crisis event:

Traditional crisis response plans need to evolve—ransomware is a business risk, not simply a security problem.

Enterprise crisis response is a team sport and demands a business-focused crisis management function to deal with modern destructive events.

Existing crisis communications lack the transparency and agility to adapt to new cyber complexities.

A pre-defined decision framework, coupled with a greater understanding of the industry, its regulations, and customers, can support more robust crisis communications.

Ransomware is borderless—it impacts the enterprise, third-party ecosystems and multiple business stakeholders.

As attack surfaces evolve, crisis response needs to extend to address impacts on customers, corporate subsidiaries, suppliers, third parties, investment portfolios, and merger and acquisition targets.

Modernizing ransomware response

Here are some practical steps to help manage and modernize a ransomware response:

01: Enhance your business preparedness

  • Know the many moving parts that make your business profitable—critical processes, their underpinnings, and downstream dependencies across every area of the business—and what your priorities are in the event of an attack.

02: Communicate openly with care

  • Define an agile communications strategy that considers the complexities of a cyber event from a technical and business perspective.

03: Get the CEO and Board onboard

  • Testing and validating attack prevention, detection, response and recovery is common for most security teams, but this step can be enhanced by including the CEO and Board.
  • Evolve tabletop exercises to include executive-level simulations to test your defenses and introduce the risk and adrenalin of a "real life" attack scenario.


Robert Boyce

Managing Director – Accenture Security, Cyber Resilience Services Lead

Ryan Leininger

Senior Manager – Accenture Security