Cohesity has found a worrying trend among businesses relying on ransomware payouts and cyber insurance as a solution to their cybersecurity weaknesses.
Over 3,400 IT and Security decision makers were surveyed globally, with 91% of UK respondents acknowledging that the ransomware threat has escalated in the last year. Further exacerbating the concern, almost 40% of these organisations have fallen prey to ransomware attacks in the past six months, emphasising the persisting menace of ransomware.
Although a commendable 85% of surveyed companies have cyber resilience strategies in place, a meagre 23% express complete confidence in these plans. Furthermore, 53% perceive gaps or areas for improvement in their strategies, while 42% admit to struggling with overburdened teams.
A startling revelation is that 38% of respondents believe their leaders remain unaware of cyber resilience’s critical importance, possibly contributing to a dearth of skilled professionals and the necessary cybersecurity tools. Indeed, a significant 70% of respondents believe their workforce lacks the necessary skills to handle a data breach effectively.
An interesting yet conflicting finding is that 95% of respondents express confidence in their data and critical business process recovery capabilities, despite 68% also stating that the situation could be precarious or that their confidence is limited. When it comes to barriers in business recovery, 37% attributed it to coordination issues between IT and security teams, and 31% cited lack of access to recent, uncorrupted data copies.
The study also sheds light on the alarming reliance on ransom payouts and insurance as a makeshift cover for cybersecurity gaps. A mere 9% ruled out paying a ransom after an attack, while 80% believed they would be covered by ransomware warranties, a conclusion seemingly at odds with Cohesity’s analysis of various warranty terms and conditions. Moreover, although 73% claimed their organisations had cyber-insurance, 48% acknowledged that obtaining such insurance has become more challenging compared to three years ago.
James Blake, CISO EMEA at Cohesity, said, “A cyber resiliency strategy that prioritises the ability to recover from a cyber-attack is arguably more important than one that focuses solely on prevention. But all the time that companies try to pay their way out of trouble with ransoms, insurance or warranties is throwing money in the wrong direction as this won’t help them recover the data and processes that keep the organisation in business.
“The gaps aren’t in prevention or even in the workforce, the gaps that need bridging are in the c-suite taking the threats seriously and investing in tools to rapidly recover from attacks.”
Brian Spanswick, CISO, Cohesity, said, “IT and SecOps must co-own organisations’ cyber resilience outcomes to identify sensitive data and protect, detect, respond, and recover from cyberattacks. Relying on traditional backup and recovery systems, which lack modern data security capabilities, in today’s sophisticated cyber threat landscape is a recipe for disaster. Instead, organisations should seek out data security and management platforms that integrate with their existing cybersecurity solutions and provide visibility into their security posture and improve cyber resilience.
Keep up with all the latest FinTech news here
Copyright © 2023 FinTech Global
