Three key challenges highlight the need for greater alignment between security and the business, before during and after a cyber crisis event:
Traditional crisis response plans need to evolve—ransomware is a business risk, not simply a security problem.
Enterprise crisis response is a team sport and demands a business-focused crisis management function to deal with modern destructive events.
Existing crisis communications lack the transparency and agility to adapt to new cyber complexities.
A pre-defined decision framework, coupled with a greater understanding of the industry, its regulations, and customers, can support more robust crisis communications.
Ransomware is borderless—it impacts the enterprise, third-party ecosystems and multiple business stakeholders.
As attack surfaces evolve, crisis response needs to extend to address impacts on customers, corporate subsidiaries, suppliers, third parties, investment portfolios, and merger and acquisition targets.