A) Notify the business continuity lead

You loop in your BC contact. She’s quick to respond but asks for clarity: is this a continuity issue or IT-led? You tag in IT operations. They investigate the root cause and extent of impact. Engineering and Cyber are also notified. You lose 20 minutes while everyone debates who should be doing what.

B) Convene the executive crisis team

You pull together your crisis leadership group via video call. Half are traveling. Legal joins but has no context. Sales leaders ask about customer impact. Marketing asks about external messaging. There’s still no diagnosis. Everyone’s waiting on more information.

C) Wait 15 minutes for IT

You wait. At 6:22 AM, IT reports that the affected systems are showing signs of unauthorized file encryption. Ransomware is now a strong possibility. Business Continuity wants to know all the applications that are affected to gain an understanding of impact on critical processes; however, they’re unsure how many other applications are impacted. Now you’re 15 minutes behind, with no comms sent and no BC/DR plans activated.

A) Launch the playbook

Your predefined response plan kicks in. Employees are notified of the incident. IT is freed up to focus on the technical investigation. Employees are redirected to known-good backup channels. Internal confusion is reduced. You’re still in crisis, but people know what to do.

At 7:03 AM, IT confirms encryption in four offices. Your regional leads are already activating recovery protocols. Leadership is updated on cadence. Public messaging is ready if needed. You’re not out of the woods, but you’re aligned and moving.

B) Wait for confirmation

IT takes another 25 minutes to confirm ransomware. By then, two more departments with critical applications are affected. Backup systems aren’t prepped. Employees start emailing leadership asking what’s going on. The delays impact customers and cause confusion and reputational risk.

At 7:15 AM, you scramble to catch up. Your BC team launches late. Comms are reactive. The CEO texts asking if Legal has reviewed messaging. You’re managing uphill.

A) Hold messaging until legal signs off on every word

You play it safe and wait for legal to approve a carefully worded statement. It takes 45 minutes. In that time, customers grow more frustrated. Employees post their own guesses online. Leadership asks why you’re not saying anything. You avoid legal exposure, but now you’re in damage control.

B) Acknowledge the issue publicly with limited details

You issue a short external statement: “We’re aware of a technical disruption affecting some systems. Our teams are actively investigating and will provide updates as needed.” Internally, you reinforce calm, clear direction. You buy time, reduce speculation, and show you’re on it – even without full details.

C) Say nothing and let customer teams respond 1:1

You tell customer-facing teams to handle inquiries case by case. Some are confident, others less so. Inconsistent replies start circulating. One rep says it’s “probably ransomware.” Another says, “IT is just doing maintenance.” Confusion and frustration spreads among customers. Trust erodes. You lose the narrative.

Resilience isn’t about perfection. It’s about preparation and execution.

In the real world, the difference between a chaotic scramble and a controlled response often comes down to how connected your systems and people are – and how quickly you can activate appropriate plans and personnel when you need them most.