Enterprise ransomware preparedness improving but still lacking


The majority of organizations have made ransomware preparedness a top-five business priority, yet only half believe their preparedness is stronger than it was two years ago. That is according to a recent survey, “The Long Road Ahead to Ransomware Preparedness” by Enterprise Strategy Group, a division of TechTarget.

Ransomware is a top priority

Despite warnings and available preparedness resources, ransomware continues to distress companies. Seventy-nine percent of survey respondents said they suffered a successful attack within the last year, and 73% reported they had one or more attacks that caused negative financial impact or disrupted business operations in the same time period.

The good news is the board and the C-suite are finally getting the message that more needs to be done to address impending ransomware attempts. In fact, 79% of respondents said business leaders made ransomware preparedness a top business priority, and 82% of organizations plan to invest more in ransomware preparedness over the next 12 to 18 months.

How are companies handling ransomware preparedness?

With preparedness investments expected to grow, the survey asked how organizations currently tackle ransomware. Respondents said the most important prevention tactics involve efforts in the following:

Ongoing activities cited included data recovery testing, employee security awareness training, response readiness assessments, incident response functional exercises, penetration testing, incident planning and playbook development, phishing simulation programs, tabletop exercises, and blue/red/purple team engagements.

[Chart: ransomware preparedness activities companies engage in. Data recovery testing and employee security awareness training are among the top activities organizations are focusing on for ransomware preparedness.]

How unprepared are companies?

Companies said they are improving their fight against ransomware, but it’s clear that more work needs to be done. Ransomware preparedness gaps exist, and few organizations have solid mitigation strategies in place. Among activities that need more attention are the following:

  • Vulnerability management. Only 47% of respondents said their organizations can remediate issues within 30 days of discovering them….
