SecurityScorecard
A SecurityScorecard Case Study
Non-Profit Organization, a global scientific and educational nonprofit focused on conservation and public programs since 1888, needed to ensure continuity if hit by a cybersecurity incident. SecurityScorecard conducted executive information security incident exercises—including a ransomware scenario covering identification, containment, eradication, and recovery—to test the organization’s Incident Response Plan (IRP) and overall ransomware readiness.
SecurityScorecard ran tabletop exercises, identified gaps, and recommended concrete IRP revisions, including explicit activation triggers such as a three-device threshold, senior-leader notification protocols, and guidance on timing communications with threat actors. It also strengthened user incident procedures, advised a data-classification policy and documentation of sensitive-data owners, suggested migrating to Google Workspace for isolated backup/DLP, and amended the business continuity plan to include a cost-benefit analysis for ransom decisions. The result was clearer activation criteria, improved incident communications, and a documented process for evaluating ransom responses.