Ransomware Readiness: Transforming Threat Into Organizational Resilience

Uploaded on 2025-01-30 in TECHNOLOGY--Resilience, FREE TO VIEW

Ransomware is no longer a technical problem relegated to the IT department, it is a boardroom issue. The rise in ransomware attacks has left few industries untouched, with incidents like the MOVEit file transfer hack and the high-profile breaches at MGM Resorts and Caesars Entertainment serving as stark reminders of the devastating financial, operational, and reputational consequences these attacks can bring.

Boards that fail to prepare risk exposing their organisations to avoidable crises and losing the trust of their stakeholders.

Boards cannot afford to treat ransomware attacks as isolated events. The average ransom demand now stands at $1.3 million, and in many cases, the damage far exceeds the financial cost. Customers, regulators, and business partners demand accountability, and organisations must not only recover from an attack but demonstrate their ability to prevent such incidents in the first place. However, too often boards find themselves unprepared when the worst happens. Decisions are delayed, communication is unclear, and a lack of preparation turns a bad situation into a disaster.

Preparation & Simulation

Preparation starts with recognising that ransomware is a multifaceted risk, not just a technical challenge. When an attack occurs, the first question is often, "What do we do now?" Yet this question should have been answered long before an attack takes place. Boards must ensure their organisations are ready to respond swiftly and effectively. A critical first step is simulating ransomware scenarios to identify gaps in readiness. Simulations place executives in the midst of a crisis and force them to make decisions in real time. This approach reveals weaknesses in strategy and coordination, allowing the organisation to refine its response plans before they are put to the test.

A simulation might begin with the CEO receiving a ransom demand. What happens next? Does the CEO call the Chief Information Security Officer (CISO) or assess the threat’s credibility first? Who coordinates the response, and what are the initial priorities? These are not questions to be answered on the fly.

Boards must understand the roles and responsibilities of everyone involved in managing a ransomware attack, from technical teams to public relations and legal advisors.

Compliance Mandates

Beyond simulations, boards must drive a cultural shift within their organisations. Cyber security cannot exist in a silo. It must be embedded into the organisation’s broader governance framework, with clear accountability at every level. This is increasingly important as regulators hold boards accountable for failing to manage cyber risks. In Europe, the NIS2 Directive mandates that senior leadership demonstrate active involvement in cyber security measures, with non-compliance potentially resulting in significant fines and reputational damage. In the United States, the Securities and Exchange Commission (SEC) now requires organisations to disclose cyber security incidents within four days and outline their processes for managing cyber risks.

While these regulations underscore the need for preparation, they also reflect a growing demand for transparency from customers and stakeholders. Research shows that 75% of customers would switch to a competitor if a company suffered a ransomware attack.

Boards must consider not only the immediate impact of an attack but also the long-term erosion of trust that can follow.

Cyber Risk Assessments 

Cyber Risk Assessments (CRAs) are critical tools for boards to gain comprehensive insights into their organisation's cybersecurity posture. By systematically identifying vulnerabilities, evaluating current defence mechanisms, and aligning risk management with business objectives, CRAs provide a strategic roadmap for enhancing digital resilience. This assessment process should also include an evaluation of the organisation's Endpoint Detection and Response (EDR) capabilities, which are crucial for monitoring and protecting endpoints from sophisticated threats. 

CRAs go beyond technical evaluation, serving as a crucial mechanism for ensuring regulatory compliance and understanding potential legal and financial risks.

They help organisations not just meet but exceed regulatory requirements, offering a proactive approach to managing cyber threats in an increasingly complex digital landscape. As part of this process, investing in managed EDR services can provide continuous monitoring and rapid response to threats at the endpoint level, significantly enhancing an organisation's ability to protect sensitive data and systems.

Regular CRAs enable boards to make informed decisions about resource allocation, prioritise cybersecurity initiatives, and demonstrate a commitment to protecting stakeholder interests. By transforming risk assessment from a compliance exercise to a strategic business tool, organisations can build a more robust and adaptive approach to cybersecurity governance. This approach should include a strong focus on endpoint security through EDR, recognising that endpoints are often the first line of defence against ransomware and other cyber threats.

Education & Best Practice

Ransomware readiness requires more than a well-rehearsed response plan. Boards must also ensure that their organisations have robust preventative measures in place. Regular data backups stored offline are a critical safeguard, enabling organisations to restore systems without paying ransoms. However, backups alone are not enough. Attackers are increasingly exfiltrating data and threatening to release it unless a ransom is paid, adding a new layer of complexity to the decision-making process.

Patch management, employee training, and access controls are essential components of an effective defence.

Ensuring that systems and software are updated regularly can eliminate vulnerabilities, while training employees to recognise phishing attempts can prevent attackers from gaining an initial foothold. Implementing the principle of least privilege, granting users only the access they need to perform their jobs, can limit the spread of ransomware within the network.

Despite these precautions, no organisation can eliminate the risk of a ransomware attack entirely. Boards must view ransomware preparedness as an ongoing process that evolves alongside the threat landscape. This includes integrating cyber security into the organisation’s overall business strategy, conducting regular risk assessments, and fostering a culture of continuous learning.

To Pay Or Not To Pay

One area that boards should consider carefully is whether to pay a ransom if an attack occurs. Governments, including the UK, are debating bans on ransomware payments, particularly for public sector organisations. While these bans aim to cut off the funding that fuels ransomware operations, they also raise difficult questions. If payment is not an option, boards must ensure their organisations are equipped to recover independently. This makes having an incident response plan, robust backups, and cyber insurance even more critical.

Cyber insurance is often seen as a safety net, providing financial support and expert resources to help organisations recover from an attack. However, insurance should not be a substitute for strong preventative measures. Boards must ensure that their organisations view insurance as one component of a comprehensive ransomware strategy, not a primary defence.

Ultimately, ransomware preparedness is about more than mitigating damage during an attack, it is about building resilience. Boards that take an active role in cyber security governance, invest in preventative measures, and practice their response to ransomware scenarios will be better equipped to navigate these crises. Moreover, by demonstrating leadership in this area, boards can safeguard their organisations’ reputations and ensure long-term business continuity.

Boards must step up, not only to protect their organisations, but to set a standard for accountability and resilience in an increasingly hostile digital environment.

James Eason is Practice Lead for Cyber Risk and Compliance at Integrity360

Image: AndreyPopov

You Might Also Read:

The Corporate CISO Role Is Evolving:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« CYRIN's New Attack Scenario - On An HVAC Scada System
CISOs Increase Crisis Simulation Budgets »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LogRhythm

LogRhythm

LogRhythm's security platform unifies SIEM, log management, network and endpoint monitoring, user behaviour analytics, security automation and advanced security analytics.

Versasec

Versasec

Versasec is a leader in identity and access management, providing customers with security solutions for managing digital identities.

Egress Software Technologies

Egress Software Technologies

Egress Software Technologies is a leading provider of data security services designed to protect shared information throughout its lifecycle.

TNO Cyber Security Lab

TNO Cyber Security Lab

TNO Cyber Security Lab is a dedicated facility for innovative and experimental research with the goal of a safe and resilient cyberspace.

Tinfoil Security

Tinfoil Security

Tinfoil is a simple, developer friendly service that lets you scan your website for vulnerabilities and fix them quickly and easily.

Intelligent Waves

Intelligent Waves

Intelligent Waves holds and manages contracts to provide an array of intelligence, operational, communications and IT support to the USG in austere, forward-deployed, hazardous duty environments.

Idaho National Laboratory (INL)

Idaho National Laboratory (INL)

INL is an applied engineering laboratory dedicated to supporting the US Dept of Energy's missions in energy research, nuclear science and national defense including critical infrastructure protection.

Oznet Cyber Security

Oznet Cyber Security

Oznet Cyber Security is dedicated to offering integral solutions oriented to the support and security of information.

IPQualityScore (IPQS)

IPQualityScore (IPQS)

IPQS anti-fraud tools provide a real-time fraud score to analyze how likely a user or visitor is to engage in fraudulent behavior.

THEC-Incubator

THEC-Incubator

THEC-Incubator program is designed for international and ambitious tech startups in the Netherlands. Areas of focus include Blockchain and Cyber Security.

Angoka

Angoka

Angoka provide hardware-based solutions for managing the cybersecurity risks inherent in machine-to-machine communication networks.

JupiterOne

JupiterOne

JupiterOne is the security product that is changing how organizations manage and secure their software defined assets.

Netox

Netox

Netox is a comprehensive IT service provider that combines IT support services, IT solutions and specialist services; specializing in cybersecurity solutions.

Ermes

Ermes

Ermes – Intelligent Web Protection provides companies with a solution that effectively secures them against web threats.

COGITANDA Dataprotect

COGITANDA Dataprotect

COGITANDA are a group of companies focused on dealing with cyber risks, managing them and insuring them.

Canary Technology Solutions (Canary IT)

Canary Technology Solutions (Canary IT)

A Cloud, Cyber Security, Retail Solutions and Managed IT Services provider for over 25 years, we safeguard and revolutionise business through technology and foresight.