Payroll Is Invisible, Until It Isn’t: Real-World Example of a Cybersecurity Disaster
Most people do not think about payroll until something goes wrong. When payroll runs smoothly, it works quietly, reliably, and consistently.
However, when a cybersecurity event takes down the systems that support payroll, it suddenly becomes one of the most visible and mission-critical functions in the organization. I learned that firsthand during the 2021 Kronos ransomware attack.
What initially looked like a systems outage quickly became a full payroll continuity crisis with direct consequences for employee trust, compliance, financial well-being, and organizational stability. This ransomware event affected organizations across the country, including hospitals, public transit systems, universities, and private employers.
Many organizations were forced into manual, paper-based, or stopgap payroll processes, and some struggled with delayed or inaccurate pay.
When the Time Clocks Went Dark
At the time, I was serving as payroll manager at a healthcare system in California. When the attack hit, all Kronos time clocks across the organization went dark. More than 8,000 employees could no longer clock in or out and managers had no reliable way to capture time.
The payroll time data we normally relied on was suddenly unavailable. There was also no clear estimate for when the system would be restored. Through my payroll network, I learned this was a ransomware attack, and I knew right away this would not be a short-term disruption.
Waiting was not a strategy; we needed another payroll solution immediately. Payroll deadlines were still approaching. Whether the system came back in days or weeks, employees still had to be paid.
Choosing the Hard Way
We considered simply paying employees based on a previous paycheck or based on an average of hours worked during a lookback period. While that may have reduced some of the administrative burden, it was not the right answer.
We made the deliberate decision to pay employees based on actual hours worked. That decision mattered for both compliance and employee trust.
In California, payroll is complex and heavily regulated. We had to account for regular work time, overtime and double time, shift differentials, on-call pay, paid time off, the regular rate of pay, meal and rest premium obligations, and many other pay components.
We also had to consider holiday timing and year-end payroll implications, including the final paycheck of the calendar year and Form W-2 reporting. This was not a situation where we could simply estimate broadly and clean it up later.
Employees depend on their paychecks for housing, food, transportation, childcare, and daily life. Many of our employees were working long hours in a healthcare setting, including nights, weekends, and shifts during the holiday season. Paying actual hours worked was not only the more accurate approach, it was the right thing to do for our employees.
Building a Manual Payroll Process in Real Time
Our alternative solution consisted of Excel spreadsheets that included multiple pay codes from the aforementioned components. The formulas were intentionally complex so they could reflect California labor requirements and the realities of our payroll environment.
Managers were trained to use Excel to record time worked and to include all pay needed on the paycheck. From there, payroll reviewed, compiled, reconciled, and consolidated the hundreds of spreadsheets into a single document that could be used in our payroll processing system.
It was an enormous undertaking that lasted six weeks, spanning three full pay periods. On paper, six weeks may not sound especially long, but in payroll, especially during the holiday and year-end season, it felt relentless.
What stands out to me now is how much the downtime process required payroll to simultaneously become both architect and operator. We were not only processing payroll; we were designing the emergency infrastructure needed to process it.
The challenge was not simply creating a tool. It was creating a tool that real people across a large healthcare system could use under pressure and then build enough control around it to preserve accuracy.
This reinforced an important lesson: payroll knowledge is highly technical and highly operational. Good payroll teams understand not just what needs to be paid, but how systems interact, how rules are applied, how exceptions are handled, and how to create order when automation disappears.
The Human Side of Payroll Continuity
What I remember most was the pressure behind the scenes. A missed overtime entry, overlooked premium, or incorrect data match could directly affect someone’s paycheck. In payroll, those mistakes are never abstract; they affect real people and real households.
At the same time, team members were dealing with difficult personal moments and still showing up to work for 16-plus-hour days helping review spreadsheets and payroll records. That level of dedication says everything about the payroll profession. Payroll continuity is not just a technical issue; it is a human one.
Payroll Is About People, Trust
During the outage, employees were understandably anxious about whether they would be paid correctly or if they would even be paid at all. Employees trust that if they work, they will be paid accurately and on time.
Trust in payroll is not a small thing—it shapes how employees feel about the organization. A missed or incorrect paycheck can create frustration far beyond the dollars involved because it signals instability. It can make employees question whether the organization truly sees them, values them, or has control over essential functions.
On the other hand, when payroll performs well during a crisis, it sends a powerful message: even under pressure, the organization is committed to its people. It is a commitment to employees that their work will be recognized, their time will be valued, and their livelihood will be protected.
Communication Was Part of the Solution
Communication was critical. We held town hall-style sessions with managers, and I set up online webinars to teach the workaround process.
We also communicated directly with employees, asking them to review their time records and paychecks carefully and report any issues promptly so we could fix them as quickly as possible. In a payroll crisis, silence creates anxiety while communication builds confidence.
What made communication especially important was that the payroll process had suddenly become more visible and more manual. That meant more people were participating in it directly, many of whom did not normally have that level of involvement.
When systems are down, uncertainty grows fast. Employees begin asking practical questions: Will I be paid on time? Will my overtime be included? What if something is wrong? How do I report it?
Effective communication does not eliminate concern entirely, but it reduces confusion and gives people a path forward.
A Call to Payroll Leaders
My message to payroll organizations is simple: do not wait for a disaster. Hope is not a strategy, and improvisation should not be the foundation of payroll continuity.
Do not wait for a ransomware attack, a system failure, or a vendor outage to expose your vulnerabilities. Do not assume your payroll team can improvise everything under pressure. Do not assume business continuity belongs only to IT.
Build the backup process now—test it now, document it now, and train your managers now. Make payroll part of your cybersecurity and disaster recovery strategy.
Just as importantly, work to prevent a payroll cybersecurity disaster before it begins. Payroll leaders should be actively involved in conversations about system access, vendor dependence, disaster recovery, and cybersecurity response planning.
Payroll is too critical to be treated as an afterthought once a system goes down. If payroll depends on a single platform, a single feed, or a single point of failure, that risk needs to be identified and addressed early.
Organizations should ask the following tough questions now, not during a crisis:
- What happens if the time clocks go dark?
- What happens if time data becomes inaccessible?
- What is the backup process for collecting hours worked?
- Who approves time?
- How will payroll calculate premium pay, overtime, and special earnings if the primary system fails?
- Where are the emergency templates, contacts, instructions, and escalation paths stored?
- Has the process been tested?
Preventing a payroll cybersecurity disaster does not mean assuming an attack will never happen. It means building resilience so that if it does happen, employees are still protected.
That includes maintaining a payroll disaster folder in both physical and electronic form, cross-training payroll staff, keeping manual templates ready, documenting pay rules, preserving key payroll calendars and approval paths, and making sure payroll has a voice in enterprise continuity planning.
Cybersecurity preparedness in payroll is really about protecting people. That is why payroll continuity planning is not simply a technical exercise—it is a commitment to employee trust and financial well-being.
When systems fail, payroll still has to deliver. When payroll delivers in a crisis, it does more than process checks; it protects employees, preserves trust, and strengthens morale. It stabilizes the organization and proves in the clearest possible way that payroll is not just an administrative function; it is mission critical.
Antonio Escobar, CPP, is Director of Payroll at Stanford Medicine Children’s Health and a J.D. Candidate at Loyola Law School, focusing on employment and labor law.
For more articles like this, read PAYTECH magazine (available in both printed and digital formats), free for PayrollOrg members!
PayrollOrg (PAYO), is the leader in payroll education, publications, and training. This nonprofit association conducts more than 300 payroll training conferences and seminars across the country each year and publishes a complete library of resource texts and newsletters. Representing more than 20,000 members, PAYO is the industry’s highly respected and collective voice in Washington, D.C. Get more information at www.payroll.org.
Not a member of PAYO? Check out the many benefits you get when you join!
