Ransomware is threatening organisations at an increasing rate. A new global survey conducted by (ISC)², the world’s largest association of certified cybersecurity professionals, reveals that because companies worry about being attacked with ransomware more than any other form of cyber threat, tackling ransomware head on becomes the responsibility of C-suite executives as a whole, and not just the security teams. The study also offers insights into organizational leaders’ readiness for ransomware attacks.
This data underscores the need for clearer and more frequent communications between cybersecurity executives and teams. It also offers best practices security leaders should implement to improve those communications.
The survey of 750 C-level executives across the US and the UK reveals that the high-profile ransomware attacks of 2021 have created an opportunity for cybersecurity leaders to proactively address their organizational readiness by providing more actionable intelligence. The data shows that while executive confidence about ransomware defenses remains high, there is a strong willingness to invest in staff and technology.
“With this study, we wanted to provide deeper insights from executives who are ultimately responsible for protecting their organizations from ransomware,” said Clar Rosso, CEO, (ISC)².
“The study gives cybersecurity professionals a window into what their C-suite cares about when it comes to the potential impact of ransomware. Knowing this, and by tailoring their ransomware education and risk reporting accordingly, security teams can get the support they need to mitigate this high-profile risk to their organization,” Rosso added.
High Level of Confidence
Respondents expressed high levels of confidence about their organizations’ preparedness to combat a ransomware attack. The recent spate of attacks has not eroded that confidence one bit. In fact, there was a slight uptick in confidence (69% up to 71%) in the wake of the year’s high-profile breaches. A mere 15% of executives reported a lack of confidence.
What CXOs Need to Know
Respondents were also asked about the most critical information they need from their cybersecurity teams when it comes to ransomware, and their top concerns included how minimal operations can be restored in the event of an attack (33%), ensuring that restoration plans and data backup were not impacted by ransomware (38%), and how prepared the organization is to engage with law enforcement (32%).
What Concerns CXOs Have
If hit by a ransomware attack, the top concern among business leaders, cited by 38% of respondents, is exposure to regulatory sanctions. The concern is higher in the UK (41%) than in the US (36%). The second biggest concern for executives (34%) is loss of data or intellectual property, followed equally (31% each) by concerns about loss of confidence among employees, loss of business due to systems outage, and uncertainty that data could still be compromised even after paying a ransom.
Tips for Cybersecurity Team Leaders
Based on the feedback from C-suite respondents, the study outlines five key tips for cybersecurity team leaders to consider in their conversations with and reports to executives about ransomware threats. More details on each tip can be found in the report, but the five tips are as follows:
- Increase communication and reporting to leadership
- Temper overconfidence as needed
- Tailor your message
- Make the case for new staff and other investments
- Make clear that ransomware defense is everyone’s responsibility