Ransomware Readiness: Transforming Threat Into Organizational Resilience

Ransomware is no longer a technical problem relegated to the IT department; it is a boardroom issue. The rise in ransomware and extortion attacks has left few industries untouched. Incidents such as the mass exploitation of the MOVEit file transfer product for data-theft extortion, and the high-profile breaches at MGM Resorts and Caesars Entertainment, are stark reminders of the financial, operational and reputational damage these attacks bring.

Boards that fail to prepare risk exposing their organisations to avoidable crises and losing the trust of their stakeholders.

Boards cannot afford to treat ransomware attacks as isolated events. The average ransom demand now stands at around $1.3 million, and in many cases the total damage far exceeds the ransom itself once downtime, recovery costs, regulatory action and litigation are counted. Customers, regulators and business partners demand accountability, and organisations must not only recover from an attack but also show that they took reasonable steps to prevent it in the first place. Too often, however, boards find themselves unprepared when the worst happens. Decisions are delayed, communication is unclear, and a lack of preparation turns a bad situation into a disaster.

Preparation & Simulation

Preparation starts with recognising that ransomware is a multifaceted risk, not just a technical challenge. When an attack occurs, the first question is often, "What do we do now?" Yet this question should have been answered long before an attack takes place. Boards must ensure their organisations are ready to respond swiftly and effectively. A critical first step is simulating ransomware scenarios to identify gaps in readiness. Simulations place executives in the midst of a crisis and force them to make decisions in real time. This approach reveals weaknesses in strategy and coordination, allowing the organisation to refine its response plans before they are put to the test.

A simulation might begin with the CEO receiving a ransom demand. What happens next? Does the CEO call the Chief Information Security Officer (CISO) or assess the threat’s credibility first? Who coordinates the response, and what are the initial priorities? These are not questions to be answered on the fly.

Boards must understand the roles and responsibilities of everyone involved in managing a ransomware attack, from technical teams to public relations and legal advisors.

Compliance Mandates

Beyond simulations, boards must drive a cultural shift within their organisations. Cyber security cannot exist in a silo. It must be embedded into the organisation’s broader governance framework, with clear accountability at every level. This is increasingly important as regulators hold boards accountable for failing to manage cyber risks. In Europe, the NIS2 Directive requires the management bodies of in-scope organisations to approve and oversee cyber security risk-management measures, and to undergo training in them; management can be held liable for non-compliance, and breaches can result in significant fines and reputational damage. In the United States, the Securities and Exchange Commission (SEC) now requires public companies to disclose a material cyber security incident within four business days of determining that it is material, and to describe their processes for assessing and managing cyber risk in their annual reports.

While these regulations underscore the need for preparation, they also reflect a growing demand for transparency from customers and stakeholders. Research shows that 75% of customers would switch to a competitor if a company suffered a ransomware attack.

Boards must consider not only the immediate impact of an attack but also the long-term erosion of trust that can follow.

Cyber Risk Assessments

Cyber Risk Assessments (CRAs) give boards a structured view of their organisation's cyber security posture. By systematically identifying vulnerabilities, evaluating the controls already in place and aligning risk management with business objectives, a CRA provides a strategic roadmap for improving digital resilience. For ransomware specifically, the assessment should include the organisation's Endpoint Detection and Response (EDR) capability, since endpoints are where ransomware first executes: the questions are whether every endpoint and server is covered, and whether alerts are actually investigated and acted on around the clock.

CRAs go beyond technical evaluation. They are also the mechanism by which a board understands its regulatory exposure and the legal and financial consequences of an incident, allowing the organisation to meet, and ideally exceed, regulatory requirements rather than react to them. Where in-house capacity is limited, a managed EDR service can provide continuous monitoring and rapid response at the endpoint level, which significantly improves the organisation's ability to contain an attack before it spreads.

Regular CRAs enable boards to make informed decisions about resource allocation, prioritise cyber security initiatives and demonstrate a commitment to protecting stakeholder interests. Treated as a strategic business tool rather than a compliance exercise, risk assessment becomes the foundation of a robust and adaptive approach to cyber security governance.

Education & Best Practice

Ransomware readiness requires more than a well-rehearsed response plan. Boards must also ensure that their organisations have robust preventative measures in place. Regular backups stored offline or in immutable storage are a critical safeguard, enabling organisations to restore systems without paying a ransom, but only if restores are tested regularly and the backups are genuinely out of the attacker's reach: ransomware operators routinely locate and delete or encrypt backups before they trigger the main encryption. Even then, backups alone are not enough. Attackers increasingly exfiltrate data before encrypting it and threaten to publish it unless a ransom is paid, so a clean restore no longer removes their leverage, which adds a further layer of complexity to the decision-making process.

Patch management, employee training, and access controls are essential components of an effective defence.

Keeping systems and software patched closes the known vulnerabilities that ransomware operators exploit for initial access, and training employees to recognise phishing attempts reduces the chance of an attacker gaining a foothold in the first place. Implementing the principle of least privilege, granting users and service accounts only the access they need to do their jobs, limits how far ransomware can spread once it is inside the network.

Despite these precautions, no organisation can eliminate the risk of a ransomware attack entirely. Boards must view ransomware preparedness as an ongoing process that evolves alongside the threat landscape. This includes integrating cyber security into the organisation’s overall business strategy, conducting regular risk assessments, and fostering a culture of continuous learning.

To Pay Or Not To Pay

One area that boards should consider carefully is whether to pay a ransom if an attack occurs. Governments, including the UK, are debating bans on ransomware payments, particularly for public sector organisations. While these bans aim to cut off the funding that fuels ransomware operations, they also raise difficult questions. Even where payment is lawful, it is no guarantee of recovery: decryptors are often slow or faulty, stolen data may be leaked anyway, and a payment to a sanctioned group can itself breach sanctions law, so legal advice must be part of the decision. If payment is not an option, boards must ensure their organisations are equipped to recover independently. This makes having an incident response plan, robust backups and cyber insurance even more critical.

Cyber insurance is often seen as a safety net, providing financial support and expert resources to help organisations recover from an attack. However, insurance should not be a substitute for strong preventative measures. Boards must ensure that their organisations view insurance as one component of a comprehensive ransomware strategy, not a primary defence.

Ultimately, ransomware preparedness is about more than mitigating damage during an attack; it is about building resilience. Boards that take an active role in cyber security governance, invest in preventative measures and practise their response to ransomware scenarios will be better equipped to navigate these crises. Moreover, by demonstrating leadership in this area, boards can safeguard their organisations’ reputations and ensure long-term business continuity.

Boards must step up, not only to protect their organisations, but to set a standard for accountability and resilience in an increasingly hostile digital environment.

James Eason is Practice Lead for Cyber Risk and Compliance at Integrity360
