(ISC)² Ransomware Study: Collaboration and Communication are Essential for Ransomware Readiness

Dec 09, 2021

Global C-suite executives are confident in their organizations’ preparedness to handle a ransomware attack, according to a newly published (ISC)² ransomware study titled, “Ransomware in the C-Suite: What Cybersecurity Leaders Need to Know About What Executives Need to Hear.” Although confident, C-suite executives express a strong willingness to invest in technology and staff to improve defenses—signaling that now is an opportune time for cybersecurity leaders to proactively address their organizational readiness with the executive team.

In response to several high-profile cyberattacks this year, (ISC)² commissioned a survey of 750 C-level executives across the United States and the United Kingdom to provide cybersecurity professionals with deeper insights into how C-suite executives perceive their organizations’ readiness for ransomware.

This data underscores the need for clearer and more frequent communications between cybersecurity teams and executives and offers best practices security leaders should implement to improve those interactions.

Armed with this report, cybersecurity professionals can tailor their ransomware education and risk reporting to align with what leadership needs to know for decision making and their top concerns about ransomware threats.

According to the report, C-suite leaders are most interested to know whether data backup and restoration plans can withstand a ransomware attack (38%), how minimal operations can be restored in the event of an attack (33%), and how prepared the organization is to engage with law enforcement (32%). Leaders’ top concerns about ransomware are exposure to regulatory sanctions (38%), loss of data or intellectual property (34%), followed equally (31% each) by concerns about loss of confidence among employees, loss of business due to systems outage, uncertainty that data could still be compromised even after paying a ransom, and reputational harm.

Based on the insights from C-suite respondents, the study outlines five key tips for cybersecurity team leaders to consider in their conversations with and reports to executives about ransomware threats. More details on each tip can be found in the report, but the five tips are as follows:

  • Increase communication and reporting to leadership
  • Temper overconfidence as needed
  • Tailor your message
  • Make the case for new staff and other investments
  • Make clear that ransomware defense is everyone’s responsibility

To learn more about the recommended actions organizations can take to bolster ransomware defenses and download a copy of the report, visit: https://www.isc2.org/Research/Ransomware-Study

The (ISC)² Professional Development Institute (PDI) offers additional ransomware educational resources, including the highly popular and well-received PDI course, “Ransomware: Identify, Protect, Detect, Recover.” Earlier this year, nearly 5,000 professionals registered to attend the 2-hour crash course during a limited-time free promotion.