https://www.linkedin.com/redir/redirect/?url=https%3A%2F%2Fshare%2Egoogle%2F2k85chclapyMJVeY6&urlhash=k4Jm&mt=TZyoqOp8U8LlkFnUkElV69Y4kz4v27GkOMin2g77Bpi80wJWmxaIEvoqYazNp1pR4f_w2Zs8fzyXkqwNzSm_gg6EyfeObCiuHntSdS2f5wyGSPc9MIEeol749w&isSdui=true
This is unacceptable. Why the Rochester Philharmonic Orchestra ransomware attack demands accountability. In a recent article by Reagan Hill of News 8 WROC in Rochester, New York first reported on November 25, the RPO is in a ransomeare issue. https://lnkd.in/g-D2Hpve
This ransomware attack against the Rochester Philharmonic Orchestra should never have happened & the community deserves clear accountability.
In 2025, ransomware incidents are not unforeseen or unavoidable. They result from known, documented cybersecurity failures: lack of multi-factor authentication, poor patch management, weak access controls, flat networks, insufficient monitoring, and inadequate backup strategies. These are not advanced threats, they are baseline controls.
This is not simply an IT problem.
It is a leadership & governance failure.
As a nonprofit & community-supported institution, benefiting from public trust, donors, public funds, and regional sponsorships, the RPO has a heightened responsibility to safeguard the personal information of its musicians, employees, donors, and partners. When that trust is broken, the impact extends far beyond the organization itself. It becomes a community issue.
The RPO Board of Directors & executive leadership cannot delegate cybersecurity risk away. Boards are not expected to be technical experts, but they are responsible for oversight, risk governance, and ensuring appropriate investment in security leadership, whether through a CISO, vCISO, or qualified cybersecurity professionals.
When organizations operate without: • dedicated security leadership
• regular risk assessments
• tested incident-response plans
• modern identity protections
• immutable disaster recovery
the result is predictable and preventable.
Cybersecurity is not an optional expense or a future initiative. It is a fundamental operational requirement. Deferring it does not save money, it defers consequences: data exposure, reputational damage, legal risk, and erosion of public confidence.
To the Rochester community, technology leaders, IT professionals, and civic stakeholders: incidents like this affect us all. Cultural institutions are part of our civic fabric. If they are vulnerable, the community must help raise the baseline, through awareness, advocacy, leadership engagement, and professional support.
Attackers collaborate.
Defenders must too.
You protect what you prioritize.
You get what you invest in.
And ransomware is the foreseeable outcome of neglecting cybersecurity.
Our community and the people whose data was entrusted deserves better.
#Cybersecurity #Ransomware
#InformationSecurity #CyberRisk
#CISO #BoardGovernance #ExecutiveLeadership
#DataProtection #IncidentResponse
#NonprofitGovernance #RochesterNY #ROCtech #UpstateNY #RPO #CommunityResponsibility
#PublicTrust #NonprofitTechnology
#Musicians #MusicCommunity
#ArtsAndCulture #ArtsLeadership
#CulturalInstitutions #RochesterNY
#ROCtech #UpstateNY
#CommunityFirst #PublicFunding
About The Author
