Databarracks, the UK based disaster recovery, backup and business continuity solutions provider, suggests board directors are failing to take ransomware seriously enough.
The statement comes following a report by Egress that found only 23 per cent of company boards see ransomware as their top security priority, despite 59 per cent of businesses being hit by ransomware attacks. This is at odds with what cyber leaders think: according to a study by the World Economic Forum, 80 per cent see ransomware as a dangerous and evolving threat to public safety.
Barnaby Mote, managing director at Databarracks, said, “There remains a clear gap between how cyber experts and company directors view the threat, despite ransomware’s prevalence. If corporate leaders don’t increase focus on the problem, it’s an open goal for cybercriminals.”
The report also found 61 per cent of CISOs affected by ransomware refused to pay the ransom, and 80 per cent who hadn’t been impacted said they would refuse. This highlights the need for a pre-prepared response to ransomware attacks, as it is a much more complex process than simply refusing to pay.
Mote added: “Organisations that have never been hit by ransomware tend to be quite bullish about not paying up, but when they do get struck, paying the ransom becomes a much likelier course of action.
“This position is becoming increasingly untenable as fewer insurance companies cover the financial impact from ransomware and those that do either reduce coverage, raise prices or increase the requirements for cover.
“Therefore, if you want to confidently refuse a ransomware demand, you need to be prepared to recover your data yourself. This means having a watertight backup strategy in place.
“This shouldn’t just be the preserve of IT departments and cyber experts: it needs buy-in from the very top. Board directors must listen closely to their cyber colleagues and realise the days of ransomware being a secondary threat are over.”
He concluded: “Ultimately, boards must take control of the ransomware situation themselves to guarantee the organisation will survive an attack. In any attack there are two options – pay the ransom or recover your data. Make sure recovering data is the priority.”
