Only 23% of board members consider ransomware their top priority

A security logo is shown on screen during a keynote address at the Consumer Electronics Show on Jan. 7, 2016, in Las Vegas. (Photo by Ethan Miller/Getty Images)

Research from Egress on Wednesday found that only 23% of board members consider ransomware their top priority.

The software company said it’s a major concern because according to the survey, 59% of organizations fell victim to ransomware and a staggering 84% of organizations were victims of phishing, even though 98% of companies offer anti-phishing training to the staff.

“Cybercriminals continue to leverage sophisticated social engineering attempts to catch users at a weak moment and gain access to the sensitive data they’re seeking,” said Jack Chapman, vice president of threat research at Egress. “The results of this study show that cybersecurity training is limited in its effectiveness and it’s a big ask for people within an organization to be constantly vigilant to phishing threats”

It’s incredibly concerning that only 23% of board members see ransomware as a major threat to their organizations, said Hank Schless, senior manager, security solutions at Lookout. Schless said this might happen because board members think about these events in terms of what can have the most impact on the business. However, a successful ransomware attack can be detrimental to the existence of any organization. 

“Everyone needs to understand the connection between security and business continuity,” Schless said. “Today, when entire organizations run on cloud-based infrastructure, everything about the business relies on having secure systems. The commercialization of ransomware and the emergence of the Ransomware-as-a-Service market have made these attacks much more viable for less sophisticated hackers. This will only increase the number of ransomware attacks organizations face.” 

John Bambenek, principal threat hunter at Netenrich, said business leaders are in business to make money and they view security as a cost center, ironically even for security companies.

“Part of this number is complacence,” Bambenek said. “Like car insurance, no one thinks accidents will happen to them until they do. Part of it is the idea…