Ransomware attack risks

Ransomware attacks and the potential threat to your company

Beth A. McKenney

Principal, Technology Risk Management, KPMG LLP

+1 313 230 3406

Richard Knight

Principal, Advisory, and U.S. IT-Internal Audit Solutions Leader, Technology Risk Management, KPMG US

+1 703-286-8393

Edward Mccaffrey

Director, Technology Risk Management, KPMG US

+1 347-582-8835

Ed Goings

Principal, Forensic, KPMG US

+1 312-665-2551

Organizations of all sizes and across industries continue to be challenged with managing the risk and impacts of ransomware attacks. Developing a methodical approach to strategize, plan, identify, research, resolve, recover, report, and prevent ransomware attacks is critical to effectively mitigate the inherent risks and impacts posed by ransomware. One of the greatest challenges ransomware attacks present is the breadth of possible attackers and attack vectors. 

Incidents like the Colonial Pipeline ransomware attack are serious warnings for organizations. They highlight the urgency that, no matter what industry you’re in, you must operate with the mindset that you are a target and take action to ensure that your people are aware and processes are equipped.
Beth McKenney, Principal, Technology Risk Management group, KPMG LLP

If you don’t prepare, your company may face significant risks and impacts, such as:

Restoring data from an older recovery point can result in a significant amount of lost business transactions or other critical data.

Data encrypted during the attack may not be able to be recovered, resulting in a significant loss of data.

Paying the ransom can lead to being targeted more in the future.

To mitigate these risks, companies need a three-pronged approach.

Read more in our new point-of-view article, in which Technology Risk Management professionals discuss ransomware risks and how organizations can plan against, prevent, and respond to ransomware attacks that may be a threat to their business.


Did you know?

KPMG has highly trained Technology Risk Management and Cyber professionals who support first, second, and third line technology risk functions. They have vast experience in working with organizations to improve their ransomware resiliency plans, helping assess and recommend preventive and detective controls to combat ransomware risks, and assisting in conducting tabletop exercises to help ensure preparedness for an attack.