57% of CISOs Experienced Ransomware Attacks that Started on Endpoint Devices, with Many Taking Two Weeks to Recover
Fifty-eight percent of cybersecurity leaders would consider paying cybercriminals to end a ransomware attack, with 46 percent ranking operational downtime as the most significant impact ransomware is likely to have on their organizations.
Also Read: CIO Influence Interview with Kyle Wickert, Field CTO at AlgoSec
These are among findings revealed in The Ransomware Reality: Zero Days to Recover. This new report from Absolute Security includes results from a survey of 750 enterprise Chief Information Security Officers (CISOs) across the United States and United Kingdom, conducted by independent polling provider Censuswide.
“It’s not surprising to learn that despite regulatory pressure, security and risk leaders remain open to paying a ransom to recover their systems and protect data, especially when considering that prolonged downtime can lead to unsustainable losses,” said Christy Wyatt, President and CEO, Absolute Security. “CISOs that can quickly restore continuity after disruptive attacks can avoid getting trapped in a downtime cycle, which will only grow alongside cybercriminals’ increasing use of AI-powered attacks.”
Ransomware continues to top CISOs’ ledgers as one of the most menacing threats they face, with their endpoint device infrastructures significantly vulnerable. Over the past 12-18 months, 57 percent reported their enterprises experienced an attack that originated on a remote, mobile, or hybrid device, with 58% in agreement that an incident left endpoints inoperable.1 Neither finding was unpredictable, when considering that additional telemetry-based research from millions of PCs revealed critical endpoint security controls fail to operate 20 percent of the time.2
This second edition in the State of Enterprise Cyber Resilience research series surfaced additional salient findings that expose how ransomware is impacting operational resilience. Included in the results were several top takeaways:
Confidence Paradox. 83% of CISOs reported being confident in their businesses’ ability to recover from ransomware, yet 57% took as long as six days to bounce back and 20% took as long as two weeks. No CISOs reported having the ability to recover within a day.
Sneaker Net. Despite knowing that ransomware continues to cause operational disruptions, 59% of organizations agree they must take physical possession of an endpoint to remediate and restore the device after an incident. Only 53% of organizations have remote recovery capabilities in place, despite the wide-spread availability of such tools.
Mythos Variable. CISOs reported that legacy system patching is the second most challenging ransomware mitigation method at 42% (this was only 1% behind the top-ranked challenge—Employee Awareness Training at 43%). With Claude Mythos showing that advanced LLMs in the hands of defenders and attackers can surface vulnerabilities at speeds the industry cannot keep pace with, organizations will face continued disruption caused by threats that leverage unmitigated software risks. This means that while patching must remain a key security tactic, the ability to recover from increasing vulnerabilities and exploits must rise to the top of the priority stack.
Catch more CIO Insights: The CIO as a Value Creator: Moving Beyond Cost Centers to Revenue Drivers
[To share your insights with us, please write to psen@itechseries.com ]
