Commentary By Crisis Management Expert Edward Segal, author Crisis Ahead: 101 Ways to Prepare for and Bounce Back from Disasters, Scandals, and Other Emergencies (Nicholas Brealey)

Just because a company was not hit by a ransomware attack yesterday does not mean it won't be hit by one today.

Making matters worse, according to a new report, almost half of surveyed companies—whether previously hit by ransomware or not—don't feel confident they can fend off a ransomware attack.

The survey was conducted by cyber security company Cymulate in September 2021. The 881 respondents included those with roles in IT, cybersecurity, tech, and leadership at their organizations. More than a quarter of surveyed organizations —28%—had been targets of ransomware attacks.

The results of the research project come on the heels of a recent report that 48% of employees at surveyed companies had been asked by hackers to aid ransomware attacks on their organization and another report that cyber thieves are using new strategies, tactics and techniques to help increase the chances of success of their phishing attacks against companies and organizations. 

Silver Lining

There is a silver lining though with the increase in ransomware attacks, according to the company. It noted that, "… the majority of respondents undertook proactive measures to prevent the attack before it could cause any significant damage, and the vast majority of those even before it could cause any serious downtime."

Other pieces of encouraging results from the report include:

• 82% of survey respondents are adopting offensive cybersecurity solutions.
• 70% report increased awareness of ransomware threats at the boardroom and business management level. 
• Prior victims of ransomware are allocating more security budget (64%) and headcount (58%) than organizations not previously attacked. Non-victims are still allocating more security budget (55%) and headcount (37%).

"This latest survey is critical in helping us understand that while we may be experiencing increased anxiety from the rise in ransomware, we have also learned lessons and are able to both prevent attacks and recover far quicker than before," said Eyal Wachsman, CEO and co-founder of Cymulate.

Dave Klein, director and cyber evangelist of Cymulate, observed that, "Where past surveys and media coverage of ransomware paint a very gloom and doom picture, our survey participants tell a very different story. While the past data translates into measurable anxiety, this anxiety has led business/board-room level concern with proactive effort and additional resources, budget, staff, and practices including pre-emptive offensive testing and validation."

Advice For Business Leaders

Wachsman advised that, "Organizations still need to remain vigilant as ransomware continues to strike every sector and every size organization. Security teams need to ensure current controls are effective and conduct basic cyber hygiene to prevent further damage."

                                                                 ###