Chief Audit Executives (CAEs) continuously assess how to deliver on their objectives to maintain the trust of shareholders and stakeholders. This includes considering signals of change in the risks faced by their organization and, in turn, changing the focus of the internal audit plan if needed. Our complementary series, On the CAE agenda, provides a full view of top risks highlighted this period.
Many boards and executive committees are now accepting that there is no guaranteed protection against ransomware. Management needs a strategy to contain and limit the impact of an attack, and a ransomware scenario playbook that defines how to effectively manage and respond to the attack.
Risk considerations
- A sustained outage can lead to losing customers and revenue streams, presenting a going concern risk.
- Restoring data from an older recovery point can result in a significant amount of lost business transactions or other critical data. Data encrypted during the attack may not be recoverable, resulting in a significant loss of data. The integrity of any data touched by the cybercriminals or malware will be called into question.
- Misunderstanding cyber security insurance policies can lead to a greater financial impact on the organization if claims are denied.