Deloitte survey shows widespread lack of preparation for ransomware attacks
While 64.8 percent of C-suite and other executives responding to a recent a recent Deloitte poll say that ransomware is a cyber threat posing major concern to their organizations over the next 12 months, only 33.3 percent say that their organizations have simulated ransomware attacks to prepare for such an incident.
The vast majority (86.7 percent) of those surveyed also say that they expect the number of cyber attacks targeting their organizations to increase over the next 12 months.
“Over the past 12-18 months, executives across industries and sectors have witnessed — and increasingly experienced first-hand — the jaw-dropping frequency, sophistication, cost, and both economic and operational impacts of ransomware attacks,” said Curt Aubley, Deloitte Risk & Financial Advisory detect and respond practice leader and managing director, Deloitte & Touche LLP. “As some ransomware can evade antivirus tools and attackers find more ways to pressure victims to pay ransoms, these attacks often have national and global repercussions. There’s no time to waste when it comes to honing and testing incident response programs for ransomware and other cyber events.”
Kieran Norton, Deloitte Risk & Financial Advisory’s infrastructure security solution leader and principal, Deloitte & Touche LLP, added, “Strong executive and board level oversight of and support for the cyber risk management program is a critical part of event preparedness. Leaders at the highest levels need to understand the crucial role they play in prevention — by providing oversight, governance and tone from the top — as well as direct support for attack response.”
To get an idea of how prepared an organization is to address a ransomware attack, Norton says business leaders can ask specific questions designed to probe the depth of the cyber program’s ransomware detection, prevention and response capabilities.
Questions leaders can ask to gauge their organizations’ ransomware preparedness include:
This content was originally published here.