Ransomware events can severely impact business processes and deprive organizations of the data they need to run their business and deliver mission-critical services.
PCI DSS Requirement 12.2 requires all organizations to perform an annual formal risk assessment that identifies vulnerabilities, threats and risks to their organization, in particular their data environment for cardholders (CDE).