PharmaCo was a large, multinational, integrated pharmaceutical company. Its board of directors was meeting to discuss a possible friendly merger with a complementary competitor and to review a quarterly cybersecurity report. However, before either of these discussions could begin, PharmaCo's chief financial officer interrupted with news that the company's customer database had been encrypted by hackers in a ransomware attack and a ransom of $25,000 in Bitcoin had been demanded. Unfortunately, this was the first in a series of cyber attacks affecting the organization. The board of directors must increasingly deal with a number of issues brought by management and make some critical decisions in overseeing this crisis. Michael Parent is affiliated with Simon Fraser University.