Business Case Studies & Business Publications

Held Hostage in the 21st Century: Cybers...

Gentile, Mary, Fee...

Case

Held Hostage in the 21st Century: Cybersecurity, Ransomware, and Crisis Management (A)

Gentile, Mary; Feehan, Ross

OB-1392 | Published May 24, 2022 | 4 pages Case

Collection: Darden School of Business

Add To Cart Buy Now

Product Details

This case is part of the Giving Voice to Values (GVV) curriculum. To see other material in the GVV curriculum, please visit http://store.darden.virginia.edu/giving-voice-to-values. Anni Anderson is the founder and CEO of Selah, a software and application company that aims to support users with everyday communication. Selah is a relatively young start-up that saw explosive customer-acquisition growth during the COVID-19 pandemic. Much to Anderson’s disappointment, Selah experiences a ransomware attack on the eve of closing its largest-ever round of funding from venture capitalists. As Anderson surveys her executive team in an emergency meeting, it becomes clear that the ransomware attack jeopardizes Selah’s standing not only among users but also among investors. Additionally, Anderson must communicate with Selah’s staff and board of directors, not to mention regulators, industry partners, and the media. In the A case, Anderson’s challenge is to organize and communicate her company’s response vis-à-vis the cyberattack. In the B case, we read a synopsis of effective responses that have actually been deployed in such situations. This case set addresses cybersecurity through the lens of one manager’s experience, paying particular attention to how she communicates with a broad array of stakeholders about the incident and company response. The case serves the educational interests of those aiming to train managers in areas such as crisis communication, risk management, and voicing values in matters of organizational decision-making.

This case is designed to help students practice the following: devising a strategic approach toward crisis communications in relation to multiple stakeholders—both internal and external to the organization—with varying interests; crafting specific messaging that targets audiences to take desired actions; planning for risk mitigation and response, amounting to a mini-handbook on cybersecurity risk management; and reflecting on the broader implications and complexities involved in cybersecurity risk and organizational leadership.