{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T22:17:52Z","timestamp":1778278672661,"version":"3.51.4"},"reference-count":73,"publisher":"Oxford University Press (OUP)","issue":"1","license":[{"start":{"date-parts":[[2024,7,30]],"date-time":"2024-07-30T00:00:00Z","timestamp":1722297600000},"content-version":"vor","delay-in-days":211,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"The Research Institute for Sociotechnical Cyber Security"},{"DOI":"10.13039\/501100000266","name":"Engineering and Physical Sciences Research Council","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100000266","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Cyber Security Centre"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,1,2]]},"abstract":"Abstract<\/jats:title>\n Ransomware is a pernicious contemporary cyber threat for organizations, with ransomware operators intentionally leveraging a range of harms against their victims in order to solicit increasingly significant ransom payments. This article advances current research by engaging in a topical analysis into the depth and breadth of harms experienced by victim organizations and their members of staff. We, therefore, enhance the understanding of the negative experiences from ransomware attacks, particularly looking beyond the financial impact which dominates current narratives. Having conducted an interview or workshop with 83 professionals including ransomware victims, incident responders, ransom negotiators, law enforcement, and government, we identify a wide array of severe harms. For organizations, the risk of business interruption and\/or data exposure presents potentially highly impactful financial and reputational harm(s). The victim organization\u2019s staff can also experience a range of under-reported harms, which include physiological and physical harms that may be acute. We also identify factors that can either alleviate or aggravate the experiencing of harms at the organizational and employee level; including ransomware preparedness, leadership culture, and crisis communication. Given the scale and scope of the identified harms, the paper provides significant new empirical evidence to emphasize ransomware\u2019s positioning as a whole-of-organization crisis phenomenon, as opposed to an \u2018IT problem\u2019. We argue that the wider discourse surrounding ransomware harms and impacts should be reflective of the nature of the real-term experience(s) of victims. This, in turn, could help guide efforts to alleviate ransomware harms, through improved organizational ransomware preparedness and tailored post-ransomware mitigation.<\/jats:p>","DOI":"10.1093\/cybsec\/tyae013","type":"journal-article","created":{"date-parts":[[2024,7,30]],"date-time":"2024-07-30T19:56:01Z","timestamp":1722369361000},"source":"Crossref","is-referenced-by-count":9,"title":["\u2018There was a bit of PTSD every time I walked through the office door\u2019: Ransomware harms and the factors that influence the victim organization\u2019s experience"],"prefix":"10.1093","volume":"10","author":[{"given":"Gareth","family":"Mott","sequence":"first","affiliation":[{"name":"School of Politics and International Relations and Institute of Cyber Security for Society, University of Kent , Canterbury CT2 7NZ ,","place":["United Kingdom"]},{"name":"Royal United Services Institute (RUSI) , London SW1A 2ET ,","place":["United Kingdom"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1246-1528","authenticated-orcid":false,"given":"Sarah","family":"Turner","sequence":"additional","affiliation":[{"name":"School of Computing and Institute of Cyber Security for Society, University of Kent , Canterbury CT2 7NZ ,","place":["United Kingdom"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4118-1680","authenticated-orcid":false,"given":"Jason R C","family":"Nurse","sequence":"additional","affiliation":[{"name":"School of Computing and Institute of Cyber Security for Society, University of Kent , Canterbury CT2 7NZ ,","place":["United Kingdom"]}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1272-077X","authenticated-orcid":false,"given":"Nandita","family":"Pattnaik","sequence":"additional","affiliation":[{"name":"School of Computing and Institute of Cyber Security for Society, University of Kent , Canterbury CT2 7NZ ,","place":["United Kingdom"]}]},{"given":"Jamie","family":"MacColl","sequence":"additional","affiliation":[{"name":"Royal United Services Institute (RUSI) , London SW1A 2ET ,","place":["United Kingdom"]}]},{"given":"Pia","family":"Huesch","sequence":"additional","affiliation":[{"name":"Royal United Services Institute (RUSI) , London SW1A 2ET ,","place":["United Kingdom"]}]},{"given":"James","family":"Sullivan","sequence":"additional","affiliation":[{"name":"Royal United Services Institute (RUSI) , London SW1A 2ET ,","place":["United Kingdom"]}]}],"member":"286","published-online":{"date-parts":[[2024,7,30]]},"reference":[{"key":"2024121909133535700_bib1","doi-asserted-by":"crossref","first-page":"103162","DOI":"10.1016\/j.cose.2023.103162","article-title":"Between a rock and a hard(ening) place: cyber insurance in the ransomware era","volume":"128","author":"Mott","year":"2023","journal-title":"Comput Secur"},{"key":"2024121909133535700_bib2","article-title":"UK second most targeted nation behind America for ransomware","author":"The Gurus","year":"2023"},{"key":"2024121909133535700_bib3","article-title":"Speaking at RUSI event: the societal impact of ransomware","author":"Tidy","year":"2022"},{"key":"2024121909133535700_bib4","volume-title":"National Cyber Strategy 2022","author":"Cabinet Office","year":"2022"},{"key":"2024121909133535700_bib5","doi-asserted-by":"crossref","first-page":"E786","DOI":"10.1503\/cmaj.1095434","article-title":"NHS ransomware attack spreads worldwide","volume":"189","author":"Collier","year":"2017","journal-title":"Can Med Assoc J"},{"key":"2024121909133535700_bib6","article-title":"Hackney Council services could be offline for \u2018months\u2019 following cyber attack","author":"Afifi-Sabet","year":"2020"},{"key":"2024121909133535700_bib7","article-title":"Redcar and Cleveland Council ransomware attack could have cost millions","author":"Arnold","year":"2023"},{"key":"2024121909133535700_bib8","article-title":"Ransomware attack on UK water company clouded by confusion","author":"Burt","year":"2022"},{"key":"2024121909133535700_bib9","article-title":"How a major oil pipeline got held for ransom","author":"Morrison","year":"2021"},{"key":"2024121909133535700_bib10","article-title":"Costa Rica shows the damage ransomware can do to a country","author":"Marks","year":"2022"},{"key":"2024121909133535700_bib11","article-title":"Ransomware: call for evidence","author":"National Security Strategy Joint Committee","year":"2023"},{"key":"2024121909133535700_bib12","volume-title":"The 2022 National Cyber Strategy","author":"Confederation of British Industry","year":"2022"},{"key":"2024121909133535700_bib13","volume-title":"Government Cyber Security Strategy: 2022 to 2030","author":"Cabinet Office","year":"2022"},{"key":"2024121909133535700_bib14","doi-asserted-by":"crossref","first-page":"160","DOI":"10.1080\/25741292.2023.2205764","article-title":"Preparing for future cyber crises: lessons from governance of the coronavirus pandemic","volume":"6","author":"Mott","year":"2023","journal-title":"Pol Design Pract"},{"key":"2024121909133535700_bib15","volume-title":"RTF Report: Combating Ransomware","author":"Institute for Security and Technology","year":"2021"},{"key":"2024121909133535700_bib16","volume-title":"Cyber Security Outlook 2023","author":"PWC","year":"2023"},{"key":"2024121909133535700_bib17","volume-title":"The Growing Threat of Ransomware","author":"Microsoft","year":"2021"},{"key":"2024121909133535700_bib18","volume-title":"Ransomware: What You Meed to Know","author":"NCSC","year":"2021"},{"key":"2024121909133535700_bib19","article-title":"Ransomware tracker: the latest figures","author":"Janofsky","year":"2023"},{"key":"2024121909133535700_bib20","article-title":"Ransomware: 2023\u2019s top attacks and need-to-know stats","author":"Dyer","year":"2022"},{"key":"2024121909133535700_bib21","article-title":"UK regulators warn lawyers to stop making ransomware payments for clients","author":"Gooding","year":"2022"},{"key":"2024121909133535700_bib22","volume-title":"The State of Ransomware 2022","author":"Sophos","year":"2022"},{"key":"2024121909133535700_bib23","volume-title":"The State of Ransomware 2023","author":"Sophos","year":"2023"},{"key":"2024121909133535700_bib24","article-title":"Cyber security breaches survey 2024","author":"Ell","year":"2024"},{"key":"2024121909133535700_bib25","volume-title":"Cost of a Cyber Incident: Systematic Review and Cross-Validation","author":"CISA","year":"2020"},{"key":"2024121909133535700_bib26","first-page":"1","article-title":"An empirical study of ransomware attacks on organisations: an assessment of severity and salient factors affecting vulnerability","volume":"6","author":"Connolly","year":"2020","journal-title":"J Cybersecur"},{"key":"2024121909133535700_bib27","volume-title":"Exploring Organisational Experiences of Cyber Security Breaches","author":"DCMS","year":"2022"},{"key":"2024121909133535700_bib28","article-title":"Analysis of the full costs of cyber security breaches","author":"Heyburn","year":"2020"},{"key":"2024121909133535700_bib29","first-page":"1061","article-title":"The aftermath of a crypto-ransomware attack at a large academic institution","volume-title":"Proceedings of the 27th USENIX Security Symposium","author":"Zhang-Kennedy","year":"2018"},{"key":"2024121909133535700_bib30","article-title":"Impact of Conti ransomware attack on cancer trials Ireland sites","volume":"40","author":"Harvey","year":"2022","journal-title":"J Clin Oncol"},{"key":"2024121909133535700_bib31","doi-asserted-by":"crossref","first-page":"389","DOI":"10.1016\/j.jss.2018.06.072","article-title":"Impact of trauma hospital ransomware attack on surgical residency training","volume":"232","author":"Zhao","year":"2018","journal-title":"J Surg Res"},{"key":"2024121909133535700_bib32","volume-title":"Understanding Ransomware Threat Actors: LockBit","author":"CISA","year":"2023"},{"key":"2024121909133535700_bib33","volume-title":"The Devastating Impact of Ransomware Attacks on Small Businesses","author":"Cleary","year":"2023"},{"key":"2024121909133535700_bib34","first-page":"155","article-title":"\u2018I was told to buy a software or lose my computer. I ignored it\u2019: a study of ransomware","volume-title":"Proceedings of the Fifteenth Symposium on Usable Privacy and Security","author":"Simoiu","year":"2019"},{"key":"2024121909133535700_bib35","first-page":"151","article-title":"Replicating a study of ransomware in Germany","volume-title":"European Symposium on Usable Security","author":"Ortloff","year":"2021"},{"key":"2024121909133535700_bib36","doi-asserted-by":"crossref","first-page":"101675","DOI":"10.1016\/j.tele.2021.101675","article-title":"From feeling like a rape to a minor inconvenience: victims\u2019 accounts of the impact of computer misuse crime in the United Kingdom","volume":"64","author":"Button","year":"2021","journal-title":"Telemat Inf"},{"key":"2024121909133535700_bib37","first-page":"1","article-title":"The evolving menace of ransomware: a comparative analysis of pre-pandemic and mid-pandemic attacks","volume":"4","author":"Lang","year":"2022","journal-title":"Digit Threats Res Pract"},{"key":"2024121909133535700_bib38","first-page":"76","article-title":"Ransomware: to pay or not to pay? The results of what IT professionals recommend","volume-title":"Proceedings of the 5th International Conference on Software Engineering and Information Management","author":"Mujaye","year":"2022"},{"key":"2024121909133535700_bib39","doi-asserted-by":"crossref","first-page":"102760","DOI":"10.1016\/j.cose.2022.102760","article-title":"Reducing ransomware crime: analysis of victims\u2019 payment decisions","volume":"119","author":"Connolly","year":"2022","journal-title":"Comput Secur"},{"key":"2024121909133535700_bib40","doi-asserted-by":"crossref","first-page":"101568","DOI":"10.1016\/j.cose.2019.101568","article-title":"The rise of crypto-ransomware in a changing cybercrime landscape: taxonomizing countermeasures","volume":"87","author":"Connolly","year":"2019","journal-title":"Comput Secur"},{"key":"2024121909133535700_bib41","doi-asserted-by":"crossref","first-page":"943","DOI":"10.1007\/s11292-022-09515-z","article-title":"Ransomware and the Robin Hood effect? Experimental evidence on Americans\u2019 willingness to support cyber-extortion","volume":"19","author":"Haner","year":"2022","journal-title":"J Exp Criminol"},{"key":"2024121909133535700_bib42","doi-asserted-by":"crossref","first-page":"359","DOI":"10.1080\/19331681.2022.2112796","article-title":"The hidden threat of cyber-attacks\u2014undermining public confidence in government","volume":"20","author":"Shandler","year":"2022","journal-title":"J Inf Technol Polit"},{"key":"2024121909133535700_bib43","article-title":"Analysing the ransomware attack on D.C. Metropolitan Police Department by Babuk","volume-title":"Proceedings of the 16th Annual IEEE International Systems Conference","author":"Caroscio","year":"2022"},{"key":"2024121909133535700_bib44","doi-asserted-by":"crossref","DOI":"10.1109\/CyberSA52016.2021.9478239","article-title":"Hold my beer: a case study of how ransomware affected an Australian beverage company","volume-title":"Proceedings of the 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment","author":"Jarjoui","year":"2021"},{"key":"2024121909133535700_bib45","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-031-38530-8_21","article-title":"It's more than just money: the real-world harms from ransomware attacks","volume-title":"Proceedings of the 17th International Symposium on Human Aspects of Information Security and Assurance","author":"Pattnaik","year":"2023"},{"key":"2024121909133535700_bib46","doi-asserted-by":"crossref","first-page":"tyad018","DOI":"10.1093\/cybsec\/tyad018","article-title":"Executive decision-makers: a scenario-based approach to assessing organizational cyber-risk perception","volume":"9","author":"Parkin","year":"2023","journal-title":"J Cybersecur"},{"key":"2024121909133535700_bib47","doi-asserted-by":"crossref","first-page":"tyab025","DOI":"10.1093\/cybsec\/tyab025","article-title":"A holistic analysis of web-based public key infrastructure failures: comparing experts\u2019 perceptions and real-world incidents","volume":"7","author":"Hadan","year":"2022","journal-title":"J Cybersecur"},{"key":"2024121909133535700_bib48","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1191\/1478088706qp063oa","article-title":"Using thematic analysis in psychology","volume":"3","author":"Braun","year":"2006","journal-title":"Qual Res Psychol"},{"key":"2024121909133535700_bib49","volume-title":"Social Research Methods","author":"Bryman","year":"2016"},{"key":"2024121909133535700_bib50","doi-asserted-by":"crossref","first-page":"tyy006","DOI":"10.1093\/cybsec\/tyy006","article-title":"A taxonomy of cyber-harms: defining the impacts of cyber-attacks and understanding how they propagate","volume":"4","author":"Agrafiotis","year":"2018","journal-title":"J Cybersecur"},{"key":"2024121909133535700_bib51","author":"Ton","year":"2022","journal-title":"Ransomware Damage: Are You Forgetting About Your Reputation?"},{"key":"2024121909133535700_bib52","volume-title":"Reputational Damage and Cyber Risk Go Hand in Hand","author":"Aon","year":"2019"},{"key":"2024121909133535700_bib53","volume-title":"How a Ransomware Attack Cost One Firm \u00a345m","author":"Tidy","year":"2019"},{"key":"2024121909133535700_bib54","article-title":"The many ways a ransomware attack can hurt your organisation","author":"Whitney","year":"2021"},{"key":"2024121909133535700_bib55","article-title":"Ransomware attacks causing employee layoffs","author":"O'Gara","year":"2020"},{"key":"2024121909133535700_bib56","author":"Sharton","year":"2021","journal-title":"Ransomware Attacks Are Spiking. Is Your Company Prepared?"},{"key":"2024121909133535700_bib57","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1037\/a0037297","article-title":"Exposure to extraorganisational stressors: impact on mental health and organisational perceptions for police officers","volume":"21","author":"Biggs","year":"2014","journal-title":"Int J Stress Manag"},{"key":"2024121909133535700_bib58","doi-asserted-by":"crossref","first-page":"321","DOI":"10.1080\/10439463.2020.1739047","article-title":"Violence, abuse and the implications for mental health and wellbeing of security operatives in the United Kingdom: the invisible problem","volume":"31","author":"Talas","year":"2021","journal-title":"Polic Soc"},{"key":"2024121909133535700_bib59","doi-asserted-by":"crossref","first-page":"283","DOI":"10.1093\/occmed\/kqu180","article-title":"Post-traumatic stress disorder among bank employee victims of robbery","volume":"65","author":"Fichera","year":"2015","journal-title":"Occup Med"},{"key":"2024121909133535700_bib60","doi-asserted-by":"crossref","first-page":"e107","DOI":"10.1192\/bjo.2022.69","article-title":"Investigating the impact of terrorist attacks on the mental health of emergency responders: systematic review","volume":"8","author":"Wesemann","year":"2022","journal-title":"BJPsych Open"},{"key":"2024121909133535700_bib61","article-title":"Ransomware readiness index: a proposal to measure current preparedness and progress over time","author":"Spiewak","year":"2021"},{"key":"2024121909133535700_bib62","author":"Haggman","year":"2019","journal-title":"Cyber wargaming: finding, designing, and playing wargames for cyber security education"},{"key":"2024121909133535700_bib63","article-title":"Ransomware recovery \u20135 action items missing from your plan","author":"Stevens","year":"2023"},{"key":"2024121909133535700_bib64","doi-asserted-by":"crossref","first-page":"275","DOI":"10.1057\/s41288-022-00281-7","article-title":"Insurance and enterprise: cyber insurance for ransomware","volume":"48","author":"Baker","year":"2023","journal-title":"Geneva Pap Risk Insur Iss Pract"},{"key":"2024121909133535700_bib65","article-title":"Coronavirus pandemic and work from home: challenges of cybercrimes and cybersecurity","author":"Ahmad","year":"2020","journal-title":"SSRN"},{"key":"2024121909133535700_bib66","doi-asserted-by":"crossref","first-page":"e247","DOI":"10.1002\/itl2.247","article-title":"Covid-19 pandemic cybersecurity issues","volume":"4","author":"Pranggono","year":"2020","journal-title":"Internet Technol Lett"},{"key":"2024121909133535700_bib67","article-title":"How cyber insurance shapes incident response: a mixed methods study","volume-title":"The 20th Workshop of the Economics of Information Security","author":"Woods","year":"2021"},{"key":"2024121909133535700_bib68","volume-title":"CIR\u2014Cyber Incident Response","author":"NCSC","year":"2023"},{"key":"2024121909133535700_bib69","article-title":"Brave accuses the ICO of \u2018falling asleep at the wheel.\u2019","author":"Afifi-Sabet","year":"2020"},{"key":"2024121909133535700_bib70","article-title":"The forgotten ones: ransomware preys on the resource-poor","author":"Schwartz","year":"2019"},{"key":"2024121909133535700_bib71","volume-title":"Cyber Security Toolkit For Boards","author":"NCSC","year":"2022"},{"key":"2024121909133535700_bib72","volume-title":"Ransomware Criminals Sanctioned in Joint UK\/US Crackdown on International Cyber Crime","author":"NCA","year":"2023"},{"key":"2024121909133535700_bib73","article-title":"FBI tells Congress ransomware payments shouldn't be banned","author":"Fung","year":"2021"}],"container-title":["Journal of Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/10\/1\/tyae013\/61182348\/tyae013.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article-pdf\/10\/1\/tyae013\/61182348\/tyae013.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,19]],"date-time":"2024-12-19T09:14:04Z","timestamp":1734599644000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/cybersecurity\/article\/doi\/10.1093\/cybsec\/tyae013\/7723878"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"references-count":73,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,1,2]]}},"URL":"https:\/\/doi.org\/10.1093\/cybsec\/tyae013","relation":{},"ISSN":["2057-2085","2057-2093"],"issn-type":[{"value":"2057-2085","type":"print"},{"value":"2057-2093","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2024]]},"published":{"date-parts":[[2024]]},"article-number":"tyae013"}}