Board directors still failing to take ransomware seriously enough
A recent report by Egress found only 23% of company boards see ransomware as their top security priority, despite 59% of businesses being hit by ransomware attacks. This is at odds with what cyber leaders think: according to a study by the World Economic Forum, 80% see ransomware as a dangerous and evolving threat to public safety.
For Databarracks, boards need to urgently address this persisting disconnect to get on top of the ransomware threat.
Barnaby Mote, managing director at Databarracks, said: “There remains a clear gap between how cyber experts and company directors view the threat, despite ransomware’s prevalence. If corporate leaders don’t increase focus on the problem, it’s an open goal for cybercriminals.”
The report also found 61% of CISOs affected by ransomware refused to pay the ransom, and 80% who hadn’t been impacted said they would refuse. This highlights the need for a pre-prepared response to ransomware attacks, because responding to an attack is a much more complex process than simply refusing to pay.
Mote added: “Organisations that have never been hit by ransomware tend to be quite bullish about not paying up, but when they do get struck, paying the ransom becomes a much likelier course of action.
“This position is becoming increasingly untenable as fewer insurance companies cover the financial impact from ransomware and those that do either reduce coverage, raise prices or increase the requirements for cover.
“Therefore, if you want to confidently refuse a ransomware demand, you need to be prepared to recover your data yourself. This means having a watertight backup strategy in place.
“This shouldn’t just be the preserve of IT departments and cyber experts: it needs buy-in from the very top. Board directors must listen closely to their cyber colleagues and realise the days of ransomware being a secondary threat are over.”
He concluded: “Ultimately, boards must take control of the ransomware situation themselves to guarantee the organisation will survive an attack. In any attack there are two options – pay the ransom or recover your data. Make sure recovering data is the priority.”