Nearly 40% of companies surveyed do not have a ransomware strategy that focuses on recovery
Boston: Zerto, a Hewlett Packard Enterprise has released findings from its 2022 Ransomware Strategy Survey conducted at VMware Explore US in August/September 2022. The research revealed gaps in companies’ data protection and ransomware strategies that they will want to address to reduce their risk of interrupted business operations in the event of a ransomware attack.
The lack of focus on recovery endangers business operations in the face of ransomware attacks
As found in a recent IDC report sponsored by Zerto, the impact of ransomware attacks is extensive. The cost to people can be high with employee overtime, lost employee productivity, the direct cost of recovery (i.e., the engagement of consultants or specialists), and unrecoverable data being notable issues. However, there are even more significant impacts like lost revenue, damaged company reputation, and permanent loss of customers.
That is why cyberthreats are part of most businesses' high-level strategy. However, the way in which organisations prepare to combat those threats varies. Only half of the companies surveyed focus on both recovery and prevention. This indicates that a holistic view is far from the norm amongst those surveyed. Interestingly, over a third of respondents (37%) do not have a strategy in place that focuses on recovery. They either have a sole focus on prevention or, alarmingly, have no formalised strategy in place yet (8.7%). This is dangerous because, as ransomware actors become more capable of impounding data, businesses will suffer if they can’t get back up and running immediately on their own behalf.
Creating a more holistic ransomware strategy
Ransomware can be combated with proper recovery strategies, but not all companies have a formalised recovery strategy in place. The report shows that companies are reevaluating their data protection and cyber resilience strategies. In the survey, 66.8% deem their strategy in need of further examination; meanwhile, 20% are satisfied with the plans in place.
It’s notable that two-thirds of respondents indicated they are reviewing the strategy they have in place—especially considering the current cyberthreat landscape. This may signal that prevention is not enough and that legacy data protection is failing. As companies reevaluate their strategies, those that haven’t yet put a focus on recovery will benefit by leaning in the direction of continuous data protection, which offers a continuous stream of recovery checkpoints that allow them to rewind to a time within seconds prior to an attack.
“In an era of relentless cyberthreats, strategies to combat attacks can’t remain idle, and they must be multidimensional,” said Caroline Seymour, VP of product marketing at Zerto. “Cyber attackers have proven that they can breach fortified security structures, so companies need a plan in place for what to do once bad actors are in. If the goal is to keep business running and operating, a recovery strategy is required. It’s positive that many companies have multifaceted strategies in place, but completely protecting the business requires recovery capabilities.”
Methodology
The research team surveyed 220 people in person at VMware Explore in San Francisco, August 29 to 31, 2022. All were attendees of the VMware Explore conference. All data was collected in a span of three days. Responses were recorded anonymously, but company and job/title information was collected.