Risk, enterprise costs and protection measures are calculated differently. In its words, the opportunity for ransomware attacks revolves around the popularity of technological protection and the overall attack. Bennett found that discussions with CIOs focused on the use of technical reference frameworks for ransomware attacks. “I try to convey risks to the CFO the same way I have to convey risks to the board. If you report to the CIO or the CTO, you can use buzzwords and acronyms, but with CFO, you don’t have a lease,” he told the CSO.
News reports on ransomware highlight the prevalence of these attacks, the ongoing risks to organizational attacks and how harmful it will be in terms of data loss and downtime.
Bennett said CFOs are more likely to ask about events that have impacted the organization over the past six years. So far, the answer may not be available, but as the news reports suggest, an attack may occur. Risks must be quantified based on potential damage to the organization rather than historical attack data.
