Lessons learned by a company facing a ransomware cyber-attack: A case study

journal article in Scopus

English

The aim of the article is to describe and present the behavior of one case related to Czech firm before and after being threatened and infected by a cyber-attack. Lessons learned from the experience of facing the cyber-attack will help as a prevention to other firms to avoid the same mistakes and mitigate the risk of the cyber-attack or its consequential impacts on their competitiveness. The article is based on deep interviews with a representative of an international manufacturing company. The company was confronted with a cyber-attack in 2023. Data was collected through interviews with a member of the ICT team that oversaw defusing the attack and its impacts. Results show that the company invested a lot of effort in preventive measures even before the cyber-attack. Nevertheless, several changes in processes, internal rules, and procedures were identified after the attack. In addition, identification of changes in processes, organization, and definition of new rules and procedures are the most valuable outcome of the study that will help other companies to enrich their anti-cyber-attack policy. By assimilating these insights, companies can enhance their preparedness and resilience against cyber threats, ultimately safeguarding their competitiveness in an evolving digital landscape.

cyber-attack, ransomware, organizational culture, anti-cyber-attack policy, cyber prevention, preventive measures

VÁCLAVÍK, L.; ŠPATENKA, J.; PETROVÁ, K.; ZWILLING, M.

2. 5. 2025

Sage Publications

Thousand Oaks, California, USA

2043-8869

Journal of Information Technology Teaching Cases

may

may

United Kingdom of Great Britain and Northern Ireland

1

12

12

https://journals.sagepub.com/doi/epdf/10.1177/20438869251337096