A new (ISC)2 survey offers cybersecurity professionals insights into the thinking of C-suite officials and their perceptions of their organizations’ preparation for ransomware attacks. This report emphasizes the importance of better and more regular discussions between cybersecurity staff and Chief executives, as well as recommended practices that security professionals could apply to strengthen such interactions.
According to a survey of 750 C-level executives conducted in the United Kingdom and the United States, the high-profile ransomware attacks of 2021 have presented an opportunity for cybersecurity representatives to proactively tackle their organization’s preparedness by providing extensive updates as well as actionable intelligence to the C-suite. While executive trust in ransomware defenses remains high, there is a great readiness to spend in technology and personnel, according to the research.
“With this study, we wanted to provide deeper insights from executives who are ultimately responsible for protecting their organizations from ransomware,” said Clar Rosso, CEO, (ISC)². “The study gives cybersecurity professionals a window into what their C-suite cares about when it comes to the potential impact of ransomware. Knowing this, and by tailoring their ransomware education and risk reporting accordingly, security teams can get the support they need to mitigate this high-profile risk to their organization.”
Surprisingly, respondents reported high confidence levels in their firms’ ability to deal with a ransomware assault. That faith has not been shaken by the recent wave of attacks. In fact, following the year’s high-profile intrusions, there was a tiny increase in confidence (69 percent to 71 percent). Only 15% of Chief executives expressed a lack of confidence.
Respondents were further asked what information they need the most from their cybersecurity staff in the event of a cyberattack, and their biggest worries included ensuring that data backup and recovery plans were not affected by ransomware (38 percent), how modest operations could be restored in the event of an attack (33 percent), and how equipped the organization is to interact with law enforcement (32 percent).
The biggest fear among leaders in the event of a ransomware attack, as expressed by 38% of respondents, is vulnerability to regulatory consequences. The level of concern is greater in the U.K. (41%) than in the U.S. (36 percent).
Loss of data or intellectual property is the second most important concern for executives (34 percent) in the event of a ransomware attack, accompanied by concerns regarding employee confidence, business losses caused by system outages, the uncertainty that information could still be affected even after paying the ransom, and reputation damage (31 percent each).
The research highlights five essential guidelines for cybersecurity leaders to consider in their talks with and briefings to executives regarding ransomware risks based on input from C-suite respondents. The five suggestions are as follows: