Insight

Ransomware attacks: Signals of change and the risk agenda

How to effectively manage and respond to a ransomware attack

Beth A. McKenney

Principal, Technology Risk Management, KPMG LLP

+1 313 230 3406

Richard Knight

Principal, Advisory, and U.S. IT-Internal Audit Solutions Leader, Technology Risk Management, KPMG US

+1 703-286-8393


Chief Audit Executives (CAEs) continuously assess how to deliver on their objectives to maintain trust of shareholders and stakeholders. This includes considering signals of change in risks faced by their organization and, in turn, changing the focus of the internal audit plan if needed. Our complementary series, On the CAE agenda, provides a full view of top risks highlighted this period.


Many boards and executive committees now accept that there is no guaranteed protection against ransomware. Management needs a strategy to contain and limit the impact of an attack, together with a ransomware scenario playbook that defines how to manage and respond to the attack effectively.

Risk considerations

  • A sustained outage can lead to the loss of customers and revenue streams, presenting a going concern risk.
  • Restoring data from an older recovery point can mean losing a significant volume of business transactions or other critical data. Data encrypted during the attack may not be recoverable, resulting in a significant loss of data. Any data touched by the cybercriminals or their malware will bring the integrity of that data into question.
  • Misunderstanding cyber security insurance policies can lead to a greater financial impact on the organization if claims are denied.