Share these talks and lectures with your colleagues
Invite colleaguesResearch paper
Your decision: Senior professionals’ decision making during a simulated ransomware attack
Cyber Security: A Peer-Reviewed Journal,
8
(2),
177-188
(2024)
Abstract
The current authors surveyed 315 senior professionals of Swiss organisations for their decision making in a simulated ransomware attack. They were put into the shoes of a chief executive officer (CEO) of a fictitious organisation that is victim of a ransomware attack. The study described in this paper used an interactive ransomware simulation presentation. In three stages, study participants voted for their preferred course of action using the mentimeter.com platform. The results of this study help to better understand senior professionals’ preferred choices in ransomware decision dilemmas. It shows that most decision makers would report an attack to authorities and would not pay a ransom. In reality, however, this preferable path of action might not always be observable, ex post. The current authors call for decision makers to be more sensitive about ransomware decision dilemmas to strengthen business continuity operations. This can help to increase crisis management efficiency and effectiveness while minimising losses.
Keywords: ransomware; decision making; interactive simulation; senior professionals; business environment
The full article is available to subscribers to the journal.
Author's Biography
Fabian Muhly is a Partner at Leo & Muhly Cyber Advisory. He is a consultant and researcher in information security. He deals with the human factor of cyber risks as well as with innovative methods for knowledge transfer. Fabian holds a PhD in criminology and degrees in economics and business administration. During his professional career in management consulting and the finance department of international companies, he developed his interest in the strategic challenges of cyber risk and cybercrime, and in particular in the human security factor. His research interests include, but are not limited to, the behavioural and psychological aspects of information security and human factor empowerment to increase cyber risk resilience. Fabian has published articles in renowned outlets such as Harvard Business Review and MIT Sloan Management Review. He is part of EUROPOL’s expert network on data protection and cybercrime, affiliated lecturer at the University of Glasgow and lecturer for the CAS in Business Protection at the University of Applied Sciences in Business Administration Zurich.
Philipp Leo is a Partner at Leo & Muhly Cyber Advisory. He is a consultant to numerous authorities and organisations in Switzerland and abroad and a proven expert on cyber risks and digitisation. He combines technical expertise with years of experience in the fields of business, administration and defence. In his international speaker activity, Philipp speaks about the digitisation of the state and society. His topics include strategic issues of information security and transformation programmes to improve digital resilience. He teaches the would-be cyber specialists in the Swiss Armed Forces cyber course. Philipp studied economics, computer science and art history at the University of Zurich. Subsequently, he worked in various management functions for management consultancies, banks and media companies. He was also a delegate for the United Nations in South Korea for two years. Philipp has published articles in renowned outlets such as MIT Sloan Management Review. He is part of EUROPOL’s network of experts in data protection and cybercrime, affiliated lecturer at the University of Glasgow and lecturer for the CAS in Business Protection at the University of Applied Sciences in Business Administration Zurich.
