PwC’s “Ransomware and the board’s role: what you need to know” outlines six questions the board should ask management about its practices and policies so that it can effectively oversee ransomware risks. The firm is careful to distinguish management’s role (risk management) from the board’s oversight responsibilities, and its guidance to boards on this potentially significant risk is framed accordingly. The brief publication also includes a list of considerations to evaluate as part of any ransomware payment demand.
See also PwC’s “Ransomware: four things you need to know about the new dangers — and what you should do” (includes simulated ransomware scenario); these memos: “Is Your Board Prepared for Ransomware Attacks?” (Woodruff Sawyer), “A Practical Guide to the Role of Directors in Fighting Ransomware” (Skadden), and “A Guide for Boards and Companies Facing Ransomware Demands” (Milbank); this June 2020 Society member Quick Survey: “Cybersecurity: Ransomware Practices/Policies Benchmarking”; and additional resources on our Cybersecurity/Data Privacy page. This post first appeared in the weekly Society Alert!