Ransomware Readiness: Transforming Threat Into Organizational Resilience

Ransomware is no longer a technical problem relegated to the IT department; it is a boardroom issue. The rise in ransomware attacks has left few industries untouched. Incidents like the mass exploitation of the MOVEit file transfer software, where the attackers stole data and extorted victims without encrypting a single system, and the high-profile breaches at MGM Resorts and Caesars Entertainment serve as stark reminders of the devastating financial, operational and reputational consequences these attacks can bring.

Boards that fail to prepare risk exposing their organisations to avoidable crises and losing the trust of their stakeholders.

Boards cannot afford to treat ransomware attacks as isolated events. The average ransom demand now stands at $1.3 million, and in many cases the total damage, from downtime and recovery through to legal, regulatory and lost-business costs, far exceeds the ransom itself. Customers, regulators, and business partners demand accountability, and organisations must not only recover from an attack but demonstrate their ability to prevent such incidents in the first place. Too often, however, boards find themselves unprepared when the worst happens. Decisions are delayed, communication is unclear, and a lack of preparation turns a bad situation into a disaster.

Preparation & Simulation

Preparation starts with recognising that ransomware is a multifaceted risk, not just a technical challenge. When an attack occurs, the first question is often, "What do we do now?" Yet this question should have been answered long before an attack takes place. Boards must ensure their organisations are ready to respond swiftly and effectively. A critical first step is simulating ransomware scenarios to identify gaps in readiness. Simulations place executives in the midst of a crisis and force them to make decisions in real time. This approach reveals weaknesses in strategy and coordination, allowing the organisation to refine its response plans before they are put to the test.

A simulation might begin with the CEO receiving a ransom demand. What happens next? Does the CEO call the Chief Information Security Officer (CISO) or assess the threat’s credibility first? Who coordinates the response, and what are the initial priorities? These are not questions to be answered on the fly.

Boards must understand the roles and responsibilities of everyone involved in managing a ransomware attack, from technical teams to public relations and legal advisors.

Compliance Mandates

Beyond simulations, boards must drive a cultural shift within their organisations. Cyber security cannot exist in a silo. It must be embedded into the organisation’s broader governance framework, with clear accountability at every level. This is increasingly important as regulators hold boards accountable for failing to manage cyber risks. In Europe, the NIS2 Directive requires management bodies to approve and oversee their organisation’s cyber security risk-management measures and holds them accountable for failures to do so, with non-compliance potentially resulting in significant fines and reputational damage. In the United States, the Securities and Exchange Commission (SEC) now requires listed companies to disclose a material cyber security incident within four business days of determining that it is material, and to describe each year how they assess, manage and govern cyber risk.

While these regulations underscore the need for preparation, they also reflect a growing demand for transparency from customers and stakeholders. Research shows that 75% of customers would switch to a competitor if a company suffered a ransomware attack.

Boards must consider not only the immediate impact of an attack but also the long-term erosion of trust that can follow.

Cyber Risk Assessments 

Cyber Risk Assessments (CRAs) are critical tools for boards to gain comprehensive insights into their organisation's cybersecurity posture. By systematically identifying vulnerabilities, evaluating current defence mechanisms, and aligning risk management with business objectives, CRAs provide a strategic roadmap for enhancing digital resilience. This assessment process should also include an evaluation of the organisation's Endpoint Detection and Response (EDR) capabilities, which are crucial for monitoring and protecting endpoints from sophisticated threats. 

CRAs go beyond technical evaluation, serving as a crucial mechanism for ensuring regulatory compliance and understanding potential legal and financial risks.

They help organisations not just meet but exceed regulatory requirements, offering a proactive approach to managing cyber threats in an increasingly complex digital landscape. As part of this process, investing in managed EDR services can provide continuous monitoring and rapid response to threats at the endpoint level, significantly enhancing an organisation's ability to protect sensitive data and systems.

Regular CRAs enable boards to make informed decisions about resource allocation, prioritise cybersecurity initiatives, and demonstrate a commitment to protecting stakeholder interests. By transforming risk assessment from a compliance exercise to a strategic business tool, organisations can build a more robust and adaptive approach to cybersecurity governance. This approach should include a strong focus on endpoint security through EDR, recognising that endpoints are usually where ransomware first executes, so endpoint telemetry is where the earliest opportunity to detect and contain it lies.

Education & Best Practice

Ransomware readiness requires more than a well-rehearsed response plan. Boards must also ensure that their organisations have robust preventative measures in place. Regular data backups stored offline or on immutable storage, and proven by periodically restoring from them rather than merely checking that the backup job completed, are a critical safeguard, enabling organisations to restore systems without paying ransoms. However, backups alone are not enough. Attackers increasingly exfiltrate data before encrypting anything and threaten to publish it unless a ransom is paid; a clean restore does nothing to address that threat, which adds a new layer of complexity to the decision-making process.

Patch management, employee training, and access controls are essential components of an effective defence.

Keeping systems and software patched closes the known vulnerabilities that attackers use to get in, while training employees to recognise phishing attempts can prevent attackers from gaining an initial foothold. Ransomware typically runs with the privileges of whatever account it has compromised, so implementing the principle of least privilege, granting users only the access they need to perform their jobs, limits how far it can spread within the network.

Despite these precautions, no organisation can eliminate the risk of a ransomware attack entirely. Boards must view ransomware preparedness as an ongoing process that evolves alongside the threat landscape. This includes integrating cyber security into the organisation’s overall business strategy, conducting regular risk assessments, and fostering a culture of continuous learning.

To Pay Or Not To Pay

One area that boards should consider carefully is whether to pay a ransom if an attack occurs. Governments, including the UK, are debating bans on ransomware payments, particularly for public sector organisations. While these bans aim to cut off the funding that fuels ransomware operations, they also raise difficult questions. Even where payment is legal, it guarantees neither a working decryptor nor the deletion of stolen data, and paying a sanctioned group can itself breach sanctions law. If payment is not an option, boards must ensure their organisations are equipped to recover independently. This makes having an incident response plan, robust backups, and cyber insurance even more critical.

Cyber insurance is often seen as a safety net, providing financial support and expert resources to help organisations recover from an attack. However, insurance should not be a substitute for strong preventative measures. Boards must ensure that their organisations view insurance as one component of a comprehensive ransomware strategy, not a primary defence.

Ultimately, ransomware preparedness is about more than mitigating damage during an attack; it is about building resilience. Boards that take an active role in cyber security governance, invest in preventative measures, and practise their response to ransomware scenarios will be better equipped to navigate these crises. Moreover, by demonstrating leadership in this area, boards can safeguard their organisations’ reputations and ensure long-term business continuity.

Boards must step up, not only to protect their organisations, but to set a standard for accountability and resilience in an increasingly hostile digital environment.

James Eason is Practice Lead for Cyber Risk and Compliance at Integrity360

Image: AndreyPopov
