The race against time in ransomware attacks

Most organizations lack strong cyber resilience strategies or data security capabilities to address threats and maintain business continuity, according to BigID.

Despite both the rise in threats and the high percentage of respondents whose organizations suffered recent attacks, there hasn’t been a corresponding uptick in strategic measures to shore up cyber resilience.

In fact, close to four in five survey respondents don’t have complete confidence that their company has a cyber resilience strategy designed to address today’s escalating cyber challenges and threats.

Critical business data at risk due to ransomware

And it’s not just about confidence. Organizations need cyber resilience and data security capabilities in place, too—to recover data and restore business operations and to do so fast.

When asked about the threat of ransomware, 40% of last year’s respondents said “failure to recover data” worried them—even if their data was backed up. This year, 67% lack full confidence their company could recover data and critical business processes in the event of a system-wide cyberattack.

When asked how long, on average, it would take their company to restore data and business processes if a cyberattack occurred:

  • 95% said it would take over 24 hours
  • 71% said it would take over 4 days
  • 41% said it would take over a week

And in a ransomware attack, every minute matters. The longer a business is down and its data is inaccessible, the greater the risk for serious, and often immediate, downstream impacts.

Companies open to paying ransom

When 95% can’t recover data and business processes within 24 hours, not only are organizations vulnerable, but they’re more willing to make choices that may incentivize future industry attacks. Choices that include paying a ransom.

Although paying a ransom is generally considered an action of last resort, 90% of global survey respondents said their organization would—some unequivocally, some depending on the cost consider paying a ransom if it meant they could recover data and business processes, or recover them faster.

With cybercrime predicted to cost the world $8 trillion annually, more companies are trying to secure financial protection against losses from cyberattacks, data breaches, and other cyber-related incidents. They’re turning to cyber insurance as one of their protection strategies.

According to 87% of respondents, data and cybersecurity vendors must collaborate to provide complete and integrated anti-ransomware solutions. When vendors work towards a common goal of defeating ransomware and creating integrated solutions that support clean recovery efforts, organizations reap the benefits. Greater cyber resilience is better for them, better for the customers they serve, and better for their industries.

A comprehensive approach to data security

“It’s not a surprise that over half of organizations still struggle with securing data in the cloud. The reality is most organization’s data is scattered across different environments and varies by type,” said Tyler Young, CISO of BigID.

“Companies cannot afford to be offline and unable to maintain operations, especially for more than a day. However, the stark reality is that many organizations are vulnerable to leverage from cyber criminals because they are incapable of rapidly recovering their data and business processes when necessary,” said Brian Spanswick, CISO and head of IT, Cohesity. “Therefore, it’s no surprise that 9 in 10 respondents also said their business would consider paying a ransom to maintain continuity.”

When an organization gets hit by ransomware, and data is stolen, wiped, infected, or otherwise compromised, that organization can’t properly function until its data, processes, operations, and applications are restored. Making sure this recovery is clean, and happens fast, is critical to business resilience.

Given this reality, a comprehensive approach to data security and management is the best offense against continuing worldwide threats.

Don't miss