Not Paying the Ransom!
If you don't pay the ransom what systems do I bring up first?
When asking these questions you need not only the input from the IT staff but you also want to include different business units.
When dealing with the law firm the two most needed systems will be Accounting and Conflicts followed by a myriad of other information systems. This may differ for different law firms which bring up the reason for a Risk Assessment.
Risk Assessments deal with these questions by putting quantitative values and impact on the business in a way that is understandable to the stakeholders of the business.
Businesses understand the impact on a business when it comes to dollars lost. The better way to handle this is to minimize the impact of dollars lost in a way that everyone can agree on.
Perform a thorough Risk Assessment then build the Disaster Recovery Plan.