Security teams are responding to the ransomware threat, but remain on high alert

A security logo is shown on screen during a keynote address.
Respondents to a CRA Business Intelligence survey say they plan to improve their ransomware prevention strategies and capabilities. (Photo by Ethan Miller/Getty Images)

The ongoing danger and threat of a ransomware attack looms large among security pros as the threat landscape increases daily. And many believe the worst is yet to come, according to a survey by CRA Business Intelligence.

Survey respondents say they are at a significantly higher risk of a cyberattack than ever before, and many in targeted sectors such as education, healthcare, and financial services fear they will be the next ransomware victim, and are on even higher alert.

The data and insights in this report are based on an online survey conducted in October 2022 among 208 security and IT leaders and executives, security administrators, and compliance professionals from CRA’s Business Intelligence research panel.

By and large, respondents have remained vigilant over the past two years. Many indicated their organizations have developed or revised their ransomware prevention and response strategies, updated related policies and standards, improved processes, boosted investments in new or upgraded technology, purchased ransomware insurance, started or increased employee training, and hired additional IT or security staff.

To keep up with increasingly innovative threat actors, respondents say they plan to continue improving their ransomware prevention strategies and adding new capabilities over the coming months. Important security measures, such as backup and recovery, and anti-malware/anti-virus solutions, are included in virtually all organizations’ ransomware prevention/mitigation strategies. But many are discovering those strategies are not enough and have added or plan to add additional capabilities, such as endpoint security, vulnerability management, Active Directory monitoring, credential protection, DNS tools, SIEMs, DLP and encryption, and cloud security software.

Here are some leading findings from the CRA report:

  • Companies take on a variety of security approaches. A majority have embraced well-established methods, such as employee security awareness training (83%), formal policies and procedures (66%), network segmentation (60%), and ransomware incident response plans (54%). At least 4 in 10 respondents have purchased ransomware insurance or follow a standardized framework such as NIST.
  • More than one-third have confidence in their security programs. About 1 in 3 respondents (35%) think their organization is unlikely to suffer from a ransomware attack in the next 12 months. Their confidence stems from tightened security policies, more effective tools, and increased user education and monitoring. However, 47% believe their organizations are likely to suffer a ransomware attack in the next 12 months. Their fears are further exacerbated by reports alerting them to attacks focused specifically on their industry sectors, including healthcare, education, financial services, airports, and the public sector.
  • Attackers are gaining access to systems. Nearly 1 in 4 (23%) respondents reported their organization experienced one or more ransomware attacks in the past 12 months. Almost one out of three (31%) of them said attackers succeeded in gaining access to their systems, encrypting files, and demanding a ransom — of which 2% paid the ransom.
  • Vast majority are responding to the ongoing threat. The hard lessons from a prior ransomware attack sparked a variety of responses, but most developed a new or revised strategy for ransomware incident response (69%) and started or increased employee training (67%). About one-third (35%) of the victims also purchased or upgraded their ransomware protection software, and 29% hired more IT or security staff following their attacks.
  • Respondents believe their current defenses are not enough. The average Ransomware Readiness self-assessment score of a respondent runs at 7.2 out of 10. Highly prepared organizations (those with readiness scores of 7.8 or higher) are more likely to have already adopted advanced or specialized ransomware prevention/mitigation solutions such as deception technologies, zero-trust, threat hunting and intelligence, and cloud security software. Additionally, these organizations tend to have the largest IT teams (21 or more) while organizations without a dedicated IT staff have the lowest average readiness scores of 5.3.

Looking ahead, a majority of respondents said they are likely to do more to prepare for a ransomware attack in the next 12 months. While most (68%) said they will develop or revise their ransomware incident response strategy to prepare for a future ransomware attack and put more effort into employee training. More than four out of 10 respondents said they will either purchase or upgrade their ransomware protection software, and some say they will purchase cybersecurity insurance. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.