New research from Adarma, the UK’s largest independent cyber threat management company, has discovered a major disconnect in the way organisations think and act in the face of ransomware. Adarma’s nationwide ransomware study surveyed 500 C-level executives at UK businesses with over 2,000 employees and found that 58% of respondents have experienced a ransomware attack, with 94% of respondents reporting to be either concerned or very concerned about being hit by ransomware. However, the research also showed that 95% of business leaders were still confident in their ability to respond effectively to a ransomware attack, despite 22% not having an incident response plan in place.
According to Adarma’s research, of those businesses that reported having suffered a ransomware attack in the past, more than two-thirds admitted that they had paid the attackers the ransom, a figure which rose to 100% for businesses with a turnover of less than one million pounds.
While these business leaders were confident in their companies’ defences, only 22% had put a cyber incident response plan in place in case of an attack. A fifth of the organisations that did have a plan had not involved any third party or any department outside of the IT and Security Operations teams, which is a key component of a strong incident response plan.
When asked on whom accountability for an attack falls, 48% of business leaders said that they would blame the IT Security team if they were hit by a ransomware attack, while only 33% said that they would blame the CEO or board. Additionally, 19% of the survey’s respondents said that they felt the individual who clicked on a phishing link would be accountable for a ransomware attack.
John Maynard, chief executive officer at Adarma, said, “Ransomware is at epidemic levels and there is a disconnect between organisations’ confidence in their levels of preparedness in the face of an attack and what we are seeing on the ground. With almost 60% of UK businesses with more than 2,000 employees having experienced a ransomware attack, it is critical that we elevate this risk within our own organisations.”
Maynard continued, “There are a number of steps that organisations can take to reduce their risk of business impact from ransomware attacks, from preventive measures and effective preparation through to detection, disruption, eradication, containment and response. It is critical that we reduce the attack surface, harden our systems, deploy preventive and detective controls, and implement a well-thought-out incident response plan that extends beyond just the technical requirements. Organisations should be regularly simulating an attack to test the effectiveness of their organisational defences and response plans, and adapting and improving before being faced with the real thing.”