Adarma 2022 Ransomware Readiness Report

Overconfident and Underprepared?

 

In January 2022, Adarma undertook research across 500 UK organisations with over 2000 employees. We asked the senior leadership of these organisations a series of questions to uncover how concerned business leaders are about ransomware, how confident they are in their organisation’s ability to deter or prevent an attack, how able they are to respond to an attack and to understand the steps they have undertaken to minimise this significant risk.
Our report highlights the key findings and provides guidance to the c-suite and executive board on how to prepare their organisation, not just the security team, for what some might say is an inevitable ransomware attack.

Key Findings

Epidemic Levels

Has your organisation experienced a ransomware attack?

According to our study, 58% of UK businesses with more than 2000 employees have suffered a ransomware attack.

Criminals are Cashing In

Did you pay the ransom?

A staggering 67% confirmed they had paid the ransom, for smaller businesses this was 100%, while it appears those with higher revenues were generally less likely to pay.

IT to Blame?

Who should be held accountable?

19% of business leaders believe the individual duped into clicking on a phishing email should be held accountable, while 48% would levy blame at the IT Security Team.

Fill in the Form to Read the Full Report

Discover How You Can Better Prepare Your Organisation With our Ransomware Readiness Blog Series

RansomCloud: How Ransomware is Attacking the Cloud

Anti-Ransomware Awareness Day: Re-examining WannaCry 5 years on

Ransomware Readiness from a Legal Team’s Perspective

Debunking 5 Major Ransomware Myths & Misconceptions

Practical Tips for Leading a Team Through a Cyber Attack

Ransomware: Your Checklist for Building an Incident Response Plan 

15 Recent Ransomware Attacks

Ransomware as a Service (RaaS) Explained

The Six Steps of Detection and Response

How to Get Attackers Out of Your Network

The Magnificent Seven Components of a Solid Cyber Defence Plan

Raising the Bar of your Cyber Defence Plan

iStock-1191833199-1200x800

The Expert View

Ransomware Strategies – Preparing for an Attack

“Ransomware is the cyber-plague of our time,” said John Maynard, CEO of Adarma, opening a recent TEISS breakfast briefing at The Goring in London. He told attendees, all senior executives from a range of industries, that ransomware attacks are up 144 percent, year-on-year, and the amount paid in ransoms has increased by 75 percent to $500,000.

Leading a Team Through a Devastating Cyber Attack

Practical advice and insight from a former CEO

cybersecurity

#1

Invest in avoiding the attack and an effective response (Keep Them Out, Get Them Out)

cybersecurity

#2

Determine if you might discuss/negotiate and/or pay and, if so, prepare for this

cybersecurity

#3

Agree on recovery priorities (for both business and security) and how they will be balanced

cybersecurity

#4

Invest in understanding your environment and maintaining this understanding

cybersecurity

#5

Clearly determine who needs to create and execute the response plan and hold them to account

cybersecurity

#6

Select suppliers with the right experience level and the right attitude before the crisis

cybersecurity

#7

Agree and implement how you will communicate (assume normal channels are watched)

cybersecurity

#8

Agree and implement how you will detect, respond and recover (assume disruption will occur)

cybersecurity

#9

Exercise the plan and stress test the organisation (including your suppliers)

cybersecurity

#10

Engage with your core customers and agree how you will work together during the crisis

“Ransomware is at epidemic levels and there is a disconnect between organisations’ confidence in their levels of preparedness in the face of an attack and what we are seeing on the ground. With almost 60% of UK businesses with more than 2,000 employees having experienced a ransomware attack, it is critical that we elevate this risk within our own organisations”

 

– John Maynard, Chief Executive Officer, Adarma

We believe that the main advantage we have over an attacker is the time to prepare a response with a credible plan.​

 

security-consulting

Prepare

Intelligence, planning and rehearsing, testing and simulating breaches are all important factors to integrate into your defences.​

security-consulting

Protect

Manage your attack surface through risk-based vulnerability management and controls​.

security-consulting

Detect

Early context rich detection, before action is taken is critical to contain and stop the bleed.

security-consulting

Respond

Ensure you have the right experts on call to support you during the incident response.  Ensure you have mechanisms in place to document lessons learned and improve plans.

Reporting a Ransomware Attack

When your business suffers a ransomware attack or a related cybersecurity incident, you might need to report it to the Information Commissioner’s Office (ICO). Under the General Data Protection Regulation (GDPR) rules, which went into effect as of 25th May 2018, it’s mandatory that you report data breaches to the ICO within 72 hours.

Below are some useful links when reporting a ransomware attack:

Let’s Talk

Speak to our experts and see how we can help protect your business.

Contact Us