Quiz Entry - updated: 2026.06.24
When ransomware has hit, what key decisions does an organisation suddenly face?
How to find out what happened, who to mobilise, how to keep operating, what to report — and whether to pay.
These "what now?" questions map directly onto a real incident-response plan:
- Discover scope: how do we even find out what happened and how far it spread?
- Mobilise a crisis team: convene management/board (Krisenstab, GL, VR)
- People & operations: how do we inform staff — can they still work, should they come in?
- Legal duty: is there a reporting obligation to authorities/regulators? (In Switzerland, certain incidents must be reported; under GDPR, breaches of personal data within 72 hours.)
- Pay the ransom? If yes, how (and is it even legal)? If no, what happens to the leaked data?
The lesson: these decisions are far too consequential to improvise mid-crisis. You need a prepared incident-response plan, tested backups, and clear escalation paths before the attack — and security is the three pillars again: technology, process, and people.
Tip: Authorities generally advise against paying — it funds crime, marks you as a payer, and never guarantees recovery or deletion of stolen data.