Conceal or Communicate? Organizational Notifications to Stakeholders Following Ransomware Attacks

Abstract

Ransomware attacks have become an unrelenting frustration for organizations of all sizes, industries, and locations. Although past research has examined how ransomware attacks can be more effectively prevented, little attention has been paid to understanding how organizations communicate with stakeholders. In contrast to some cyber incidents that remain hidden for months, ransomware attacks render systems inoperable immediately, which often requires a unique stakeholder response strategy. Drawing on principles from stakeholder theory and crisis response strategies, we examine the organizational communications following 101 ransomware attacks. Our results indicate that stakeholder notifications tend to be either customer-focused or investor-focused, but are rarely both. We also find that most notifications contain at least a basic level of detail, but that about one in ten communications are insufficiently informative. This work extends the field’s understanding of cybersecurity incident notifications within the unique context of ransomware attacks and reveals practical insights for cybersecurity managers.