Can Strategically Prioritizing Ransomware Protection and Implementing Specific Recommended Actions Potentially Reduce the Effects of a Ransomware Attack on an Organization?

The purpose of this research study was to explore what can be learned by prioritizing for ransomware and data loss protection during organizational strategic planning to mitigate the negative effects of these events while identifying specific actions and recommendations organizations can take to mitigate the effects of ransomware and associated data loss. The problem addressed was that many organizations have become or will become victims of massive data losses caused by ransomware attacks because ransomware security controls and data loss prevention are not prioritized during strategic planning (Breckenridge, 2020). The methodology used was a qualitative metasynthesis which examined six case studies that were chosen as a representative set of organizations that have experienced common effects that are often felt in the aftermath of either a ransomware attack, poor strategic planning for cybersecurity controls, or data loss. The findings show the emergence of several themes including a common lack of strategic planning, the inability to recognize network anomalies leading to malware installations that resulted in data breaches, the lack of or misuse of security controls, and the heavy consequences suffered as a result of not putting effort into preventing the data breaches. Additional examination focused on the need for a proactive approach to data loss prevention which demands the attention of organizational leadership at the highest levels.