Although executives of organizations report that ransomware is their number one security concern, and 87 percent of them expect an increase in cyber-attacks against their organizations over the next year, only one-third of them said they had conducted a tabletop exercise to prepare for a ransomware attack.

In a survey of 50 executives, Deloitte found that although ransomware and cyber-attacks remain a top concern, 54 percent of the executives surveyed stated that their organization had an incident response plan, but not one specifically for a ransomware attack. Further, only one-third had actually conducted an internal simulation of a ransomware attack in order to prepare for such an eventuality.

Ransomware is not going away. One way to prepare for it is to conduct a tabletop exercise with your Incident Response Team. In our experience, the most effective tabletop exercises are ones in which the team cannot prepare in advance, is thrown into a scenario that has actually happened, and has to work through it, just like in real life. Such exercises are effective and eye-opening. When we conduct tabletop exercises, incident response teams come away with take-aways that they had never thought of before, and each member of the team understands their responsibility and the next steps if an incident occurs. The first tabletop exercise can be built upon to diminish the chaos that can happen when a security incident or ransomware attack occurs.

Now is the time to schedule your tabletop exercise to test your Incident Response Plan and your team.

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law. Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island.