Ransomware: Are Organisations Overconfident yet Underprepared?

The magnitude of threat – and damage caused – to organisations from ransomware over the past two years is unprecedented.

Cyber adversaries’ tactics and capabilities have evolved at breakneck speed – adopting double, and now triple, extortion strategies as they operate from an ever-more sophisticated and crowded arena.

That today’s business leaders are more cognisant of the ransomware epidemic is undisputed.  Despite this, recent findings from industry veterans Crowdstrike – showing an 82% increase in ransomware-related data leaks in 2021 – and Adarma – that 58% of large UK businesses have experienced a ransomware incident – make for sobering reading.

Yet, in the face of this, there is worrying evidence of a dissonance between the 96% of enterprises who profess confidence in their abilities to fend off ransomware incursions, and the reality of further attack-likelihood and actual breaches being seen on the ground.

And with a fifth of large businesses admitting they still don’t even have a cyber incident response plan in place, we ask: are today’s organisations perilously overconfident yet underprepared?

Furthermore, with a staggering two-thirds of targeted UK companies admitting to having paid a ransom, we ask, is this confirmation that payment as a solution – despite its myriad ethical and financial implications – has become accepted practice?