We no longer support this browser. Using a supported browser will provide a better experience.

Please update your browser.

Close browser message

Treasury and Payments

Improve your working capital, reduce fraud and minimize the impact of unexpected disruptions with our treasury solutions—from digital portals to integrated payables and receivables—all designed to make your operations smoother and more efficient.

Learn more about our treasury solutions:

Commercial Real Estate

Get the strategic support to be successful throughout market and real estate cycles with insights, hands-on service, comprehensive financial solutions and unrivaled certainty of execution.

Learn more about our commercial real estate solutions:

International Banking

Global opportunities mean global challenges. But real success means understanding the local markets you serve—which is why we bring the business solutions, insights and market perspective you need. 

Learn more about our international banking solutions:

Cybersecurity and Fraud Protection

Does your disaster recovery plan cover ransomware attacks?

A cyberattack can have severe consequences for your organization. But a well-designed response plan can help get your operations back online.

Companies of all sizes and industries can be targets of a ransomware attack. And ransomware’s damages aren’t limited to financial losses; an attack can disrupt your operations and harm your company’s reputation.

This makes it imperative that your organization prepares against ransomware—just as you would any other natural or operational disaster. That begins with developing a disaster recovery plan (DRP).

A DRP can help you restore IT functions after a major disruption, whether caused by a fire, flood or cybercriminals. An effective recovery plan includes:

  • Procedures and instructions to follow in a crisis
  • Business processes
  • Organizational assets
  • Anticipated recovery times

Here are four steps to help you create an effective disaster recovery plan.


1. Conduct a business impact analysis (BIA)

A BIA predicts the consequences of a business disruption and gathers information to develop recovery strategies.

Why it’s key: This analysis is the foundation for your entire DRP.

It should consider a wide range of potential impacts, including:

  • Delays, lost sales and reduced revenue
  • Increased expenses (overtime labor, outsourcing costs, contractual penalties, regulatory fines, etc.)
  • Customer dissatisfaction or defections
  • Reputational harm


2. Identify critical systems

Identify and prioritize the systems and operations your organization will need to resume business activity after a disaster.

Why it’s key: In a crisis, you’ll need to focus on recovering the systems with the greatest impact on your operations.

After an attack, your organization may not be able to use its usual communication channels and internet connection. Your recovery plan should outline:

  • Alternate communication channels
  • Workarounds to perform critical functions such as vendor payments and payroll
  • A pre-drafted memo addressed to your bank detailing how certain employees can contact the bank and the actions they’re authorized to perform


3. Develop the plan

At this stage, you and your leadership team should lay out the specifics of your response plan. How will you restore systems? What’s the expected time frame for system restoration? What resources are necessary? Who will implement recovery efforts?

Once you answer those questions, be sure to put your recovery plan in writing and update it on a regular basis.

Why it’s key: In the wake of an attack, you want the plan to be relevant and up to date.


4. Test and exercise

Test your DRP by conducting simulated tabletop exercises and live rehearsals.

Why it’s key: You don’t want to find gaps or shortcomings in your plan during an actual attack. Simulations give your organization a chance to practice.


There is no way to completely ensure you will not be a victim of ransomware, so heightened diligence and ongoing review of your controls with your internal and external partners is of paramount importance.

For additional information or questions about how to protect your organization from ransomware attacks, contact cyber.exercise@jpmchase.com.

Healthcare Government Cybersecurity and Fraud Protection Phishing

Get in Touch and Stay Informed