Companies lack ransomware strategy

More than two-thirds of companies surveyed do not have a ransomware strategy that focuses on recovery.

  • Wednesday, 25th October 2023 Posted 1 year ago in by Phil Alsop

Zerto has released findings from its 2023 Ransomware Strategy Survey conducted at VMware Explore US in August 2023. The research reveals that more than one-third of companies still do not have a well-rounded, holistic ransomware strategy in place. The survey also found that companies are reevaluating their data protection and cyber resilience strategies to align more closely with the threats they are facing.

One in three companies still are not prioritising recovery

The report shows that 35.4% of companies are not prioritising recovery. This is concerning as ransomware actors are becoming more capable of impounding data. Businesses will suffer wide-ranging consequences if they cannot recover and get back up and running immediately on their own behalf.

In all, just over half of the companies surveyed (56.6%) focus on both recovery and prevention. This indicates that a holistic view is far from widespread amongst those surveyed.

“It is natural for companies to start by building a robust prevention strategy focused on thwarting attacks,” said Caroline Seymour, VP of product marketing at Zerto. “However, as attacks become more sophisticated and capable of breaching prevention measures, prioritising recovery must be a key element of a modern, multi-layered approach. It’s just as crucial as prevention, if not more, in the current threat environment.”

 Companies continue to reevaluate ransomware strategies

The survey also found that 66.2% of companies are reevaluating their data protection and cyber resilience strategies. This is a positive sign as it shows that companies are taking the threat of ransomware seriously. Still, the fact that companies are reevaluating strategies they have in place, especially considering that nearly two thirds (63.1%) of those surveyed have multiple data protection and ransomware detection tools at their disposal, signals that prevention is not enough and that legacy data protection falls short.

“It’s encouraging to see that organisations are reevaluating their ransomware strategies. For companies that have not put a focus on recovery, this is a step in the right direction toward a more holistic ransomware strategy,” continued Seymour. “One solution that companies should consider is isolated cyber vaults that can employ a secure architecture to protect data and thwart ransomware. Organisations should not rely on protection alone. That is a risk that can’t be alleviated by insurance and preventative measures and is not worth taking."

In addition, the survey found that obtaining cyber insurance requires a holistic approach. For those utilising cyber insurance, the underwriters that evaluate applicants require backup, disaster recovery, detection, and data vault capabilities to approve policies. This shows that those who are in the business of financially protecting against ransomware threats require policy holders to protect their data in a comprehensive fashion.

The survey's findings suggest that companies need to reevaluate their ransomware strategies and adopt a more holistic approach that includes recovery, data protection, and cyber insurance. By doing so, companies can better protect themselves from the devastating financial and operational consequences of a ransomware attack.