www.rubrik.com (104.83.4.186): urlscan.io public scan

Submitted URL: http://mkto.rubrik.com/Nzk0LU9IRi02NzMAAAGItgQ_ZSec-Oq_QzIEKEY1qgzCdw3tbwyC-jOlvVewlbXNWXKdQgKiVEBXBQX1aYuIgYkiK8k=
Effective URL: https://www.rubrik.com/collections/rubrik101-2022?utm_source=marketo&utm_medium=email&utm_campaign=7018Y000001qNbS&utm_...
Submission: On December 15 via api from US — Scanned from DE


RANSOMWARE IN FOCUS
New Research on CISO Perceptions, Perspectives and Plans for Weathering the Storm
2021


TABLE OF CONTENTS
SPONSORED BY
RANSOMWARE IN FOCUS
  Introduction
  Methodology
  Key Findings
DETAILED FINDINGS
  Impact and Response
  Expectations for the Next Twelve Months
  CISOs' Concerns about Ransomware Impacts
  To Pay or Not to Pay?
  Current and Planned Mitigation Efforts
  Strengthening Defenses
  Ransomware Insurance
  What Holds CISOs Back?
GOING FORWARD
ABOUT OUR SPONSORS
CISO BOARD OF ADVISORS
RESEARCH TEAM


2021 REPORT
SPONSORED BY


RANSOMWARE IN FOCUS

Introduction

While ransomware is not a new phenomenon, 2020 brought a significant acceleration of attacks capitalizing on the pandemic-forced shift to remote work, the proliferation of Initial Access Brokers and the ready availability of ransomware as a service. With all of the headlines and hype, we wanted to understand the true perspectives of those who shoulder the burden of responsibility for managing the impacts of ransomware on a business: Chief Information Security Officers (CISOs).

In August 2021, we conducted a study of these senior-level executives to assess their ransomware experiences, concerns, and priorities for protecting their organizations going forward. This report, reflecting input from over 250 CISOs, presents what we learned.

Methodology

This study utilized a quantitative survey that was designed with guidance from a Board of CISOs working at large, private sector organizations predominantly in the United States. Respondents were recruited through their direct relationships with CISOs Connect and from a well-screened panel. We received 250 survey completions from respondents identifying as CISOs or CISO-equivalents across a broad range of industry sectors. All responses were anonymous.

Additionally, we conducted in-depth discussions with members of our Board, a group particularly known for their strong technical and business acumen, to get their detailed perspectives on ransomware as a leading cyber threat. You will find insights and best practice recommendations from them throughout this report.


Figure 1. How many employees are in your organization worldwide?

Less than 100 employees     7%
100-499 employees           8%
500-999 employees          14%
1,000-4,999 employees      31%
5,000-9,999 employees      15%
10,000-25,000 employees    13%
25,000+ employees          12%

Figure 2. Which best describes your organization's primary industry?

Finance & Financial Services     16.0%
Manufacturing                    13.2%
Telecom & Technology             12.8%
Healthcare & Pharmaceuticals     10.8%
Professional Services             9.6%
Retail & Consumer Durables        9.2%
Construction & Machinery          4.8%
Entertainment & Leisure           4.0%
Other                             3.6%
Education                         3.6%
Automotive                        2.0%
Travel & Transportation           1.6%
Government / Public Sector        1.6%
Business Support & Logistics      1.6%
Energy, Extraction & Utilities    1.2%
Not-for-Profit                    0.8%
Legal                             0.8%
Food & Beverage                   0.8%
Agriculture                       0.8%
Real Estate                       0.4%
Insurance                         0.4%
Hospitality                       0.4%


Key Findings

1. CISOs recognize ransomware as the #1 threat they face. That is due to the multiple high-value impacts ransomware can impose: operational, financial, legal, reputational and more. Given the breadth of potential access points, preparing ransomware defenses involves everyone and everything in the organization, from users and endpoints to the data center and the cloud.

2. Unfortunately, there is no relief in sight. 69% of respondents consider it likely they'll be successfully hit at least once in the next year. With only 53% of them having been hit in the past year, this signals an expectation that the ransomware problem will get worse before it gets better.

3. Mid-sized organizations are at the center of the ransomware crosshairs. While 53% of respondents overall were successfully hit by ransomware in the past year, the rate is noticeably higher (reaching almost two thirds) for companies with between 1,000 and 9,999 employees. In addition, this same segment expects to be hit at a greater rate in the coming year: 80%, compared to a 69% average across all segments.

4. Ransomware gains cyber its seat at the big table. With so many high-profile attacks publicized over the last year, the ransomware threat is serving to highlight the importance of cybersecurity to the Board level like nothing else before it. For perhaps the first time, executive leadership and the Board are not seen as obstacles to CISOs pursuing the level of defenses they need to effectively protect against a specific threat.

5. The ransom itself is not a top concern. Paying is obviously controversial, as it isn't even a guaranteed short-term solution, and in the longer term it rewards threat actors while incentivizing them to continue ransomware attacks. But the inclination to pay is understandable for several good reasons: business continuity or even survival, the cost-benefit of paying vs. recovering on your own, and growing concerns about data exposure. Regardless, CISOs' biggest cost worries come from recovery and restoration of business operations, which can be far more expensive than a currency payout. They're also very concerned about data exfiltration and the resulting risks to their business.

6. Are businesses prepared to make a ransom payment? Even if the actual payment amount is a lower concern, a payment may still have to be made. Input from our CISO Board strongly emphasizes that paying a ransom must be a pre-vetted business decision founded on thorough cost-benefit analysis and scenario modeling. CISOs know they're being targeted, yet very few indicate their organization has taken proactive steps like allocating a ransom budget, setting up a cryptocurrency account or retaining a third-party payment broker. While the inaction may indicate some level of organizational denial (it won't really happen to us!), it may also reflect the challenge of engaging active participation from other parts of the organization to build and vet the business case.

7. The total cost of an attack can be steep. There is a 1-in-5 chance that a successful hit will cost your organization more than $5M in total; that is the out-of-pocket payment along with the significant costs of recovery. There's a 1-in-20 chance the total impact will be greater than $50M! You can increase your odds of minimizing cost impacts by maintaining a stringent backup regimen and a solid defense-in-depth strategy.

8. Zero Trust is a key defense. Network segmentation technology is #1 on the ransomware defense shopping list for the coming year. Commentary from across our CISO Board also stressed the importance of implementing and enforcing least-privilege access control. It's clear that a Zero Trust approach is viewed as a leading way to help stem the tide of ransomware and the other cyber threats that are still very present in the ecosystem.


DETAILED FINDINGS

Impact and Response

We directly addressed a challenging question: in the last 12 months, have you been hit by a successful ransomware attack? ("Successful" meaning some number of computers were affected, and data was encrypted and/or threatened to be exposed.) While a small number of respondents declined to answer based on confidentiality concerns (even with survey anonymity), over half admitted that they had been hit at least once, with nearly a quarter being hit more than once.

Mid-sized organizations experienced the highest rate of successful ransomware hits, with those in the 1,000-4,999 employee range faring the worst (67.5%) followed by those with 5,000-9,999 employees (62.2%). This may reflect security challenges for companies that are on a good growth trajectory but not big enough to have the greater resources and stronger defenses that large enterprises often enjoy.

Figure 3. How many times was your organization hit by a successful ransomware attack in the last 12 months?

None                            43%
One time                        30%
More than one time              23%
Confidential / can't respond     4%

Figure 4. Successful ransomware attacks, by size of organization

Less than 100 employees     20.0%
100-499 employees           30.0%
500-999 employees           54.3%
1,000-4,999 employees       67.5%
5,000-9,999 employees       62.2%
10,000-25,000 employees     54.8%
25,000+ employees           39.3%


Certain industries experienced a greater level of successful attacks than others. Companies in the manufacturing sector (which has historically under-invested in cybersecurity) led the way, with an 81% successful hit rate for our sample. Those in the sector encompassing telecommunications, technology, internet and electronics followed closely behind, with a nearly 80% hit rate. As these two sectors in particular have highly complex supply chains, there may be some connection to the numerous successful hits and the common vulnerabilities found within supply chains that make member networks fruitful access points for reaching the ultimate target organization.

Retail came in somewhat lower, but at a still high 61%. Financial services experienced just over 50%, with healthcare following closely at 48%. That latter statistic is perhaps a bit surprising given the critical nature of the healthcare industry and its legacy of under-spending on cybersecurity, which would seem to make healthcare organizations a greater than average target.

For those that were successfully hit, the financial impacts were not trivial. While close to four out of ten were able to get away with relatively minor cumulative costs, just over two out of ten suffered considerably in this regard, accumulating a financial impact of more than $5M. Nearly one in twenty fell into the unenviable position of losing more than $50M.

Figure 5. Successful ransomware attacks, by industry

Manufacturing               81.3%
Telecom & Technology        79.3%
Construction & Machinery    75.0%
Retail                      60.9%
Financial Services          53.7%
Healthcare                  48.1%
Professional Services       43.5%
"If you were hit with ransomware right now, do you know how you could recover from it? How often are you doing backups - every four hours? every eight hours? daily? weekly? monthly? This is where the business needs to be involved in determining how long can you go without some systems before there is an impact. Then you have to scope and design your systems so you can recover within that window or put a price tag on what exceeding that window is going to cost. It's about doing the due diligence, making sure you've got everything in place to recover from it gracefully."
CISO and VP of IT, Large Retail Enterprise
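The recovery-window exercise described in the quote above, worked through as an added example (this is not code from the report, from CISOs Connect or from Rubrik): a small Python script takes the per-system tolerances agreed with the business (RPO, RTO and the hourly cost of downtime), the backup cadence, and the restore throughput of the backup platform, then reports which systems cannot be recovered inside their window, what restore rate each would need, and the price tag on exceeding the window. The three-system inventory, the 500 GB/h restore throughput and the two-hour detection-and-decision lag are constructed assumptions.

```python
"""Recovery-window check for a backup regimen.

Added example, not code from the report, CISOs Connect or Rubrik. Every
number below (the inventory, the 500 GB/h restore throughput, the 2 h
detection-and-decision lag, the hourly downtime costs) is a constructed
assumption standing in for figures you would agree with the business.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class System:
    name: str
    rpo_hours: float               # tolerable data loss, agreed with the business
    rto_hours: float               # tolerable outage before the impact starts
    data_gb: float                 # volume that has to be restored
    downtime_cost_per_hour: float  # business cost for every hour past the RTO
    backup_interval_hours: float   # cadence of a restorable copy


@dataclass(frozen=True)
class Verdict:
    name: str
    worst_case_loss_hours: float   # data lost if the hit lands just before a backup
    recovery_hours: float          # decision lag plus restore time
    rpo_met: bool
    rto_met: bool
    overrun_cost: float            # price tag on exceeding the window


# Constructed inventory: three systems with business-agreed windows.
INVENTORY = [
    System("order-entry", rpo_hours=4, rto_hours=8, data_gb=2_000,
           downtime_cost_per_hour=50_000, backup_interval_hours=8),
    System("erp", rpo_hours=24, rto_hours=24, data_gb=20_000,
           downtime_cost_per_hour=20_000, backup_interval_hours=24),
    System("hr-portal", rpo_hours=168, rto_hours=72, data_gb=500,
           downtime_cost_per_hour=1_000, backup_interval_hours=168),
]
RESTORE_GBPH = 500.0        # assumed sustained restore throughput of the backup platform
DECISION_LAG_HOURS = 2.0    # assumed time to detect, contain and decide to restore


def assess(system: System, restore_gbph: float = RESTORE_GBPH,
           lag_hours: float = DECISION_LAG_HOURS) -> Verdict:
    """Check one system against its RPO and RTO.

    Worst-case data loss is one full backup interval (the attack lands just
    before the next copy). Recovery time is the decision lag plus the time to
    stream the data back at the restore rate. The overrun cost is the hourly
    downtime cost times the hours beyond the RTO, zero when the window is met.
    """
    loss = float(system.backup_interval_hours)
    recovery = lag_hours + system.data_gb / restore_gbph
    overrun_hours = max(0.0, recovery - system.rto_hours)
    return Verdict(
        name=system.name,
        worst_case_loss_hours=loss,
        recovery_hours=recovery,
        rpo_met=loss <= system.rpo_hours,
        rto_met=recovery <= system.rto_hours,
        overrun_cost=overrun_hours * system.downtime_cost_per_hour,
    )


def required_restore_rate(system: System, lag_hours: float = DECISION_LAG_HOURS) -> float:
    """GB/h the restore path must sustain for this system to land inside its RTO.

    This is the "scope and design your systems so you can recover within that
    window" side of the exercise: if the platform cannot reach this rate,
    either buy the throughput or budget the overrun cost.
    """
    window = system.rto_hours - lag_hours
    if window <= 0:
        raise ValueError(f"{system.name}: RTO {system.rto_hours}h is consumed by the decision lag")
    return system.data_gb / window


def assess_estate(systems=INVENTORY, restore_gbph: float = RESTORE_GBPH,
                  lag_hours: float = DECISION_LAG_HOURS) -> list:
    """Run the check over the whole inventory."""
    return [assess(s, restore_gbph, lag_hours) for s in systems]


def total_overrun_cost(verdicts) -> float:
    """Aggregate price tag for every system that misses its RTO."""
    return sum(v.overrun_cost for v in verdicts)


if __name__ == "__main__":
    verdicts = assess_estate()
    for v in verdicts:
        flags = []
        if not v.rpo_met:
            flags.append("RPO MISSED")
        if not v.rto_met:
            flags.append(f"RTO MISSED (+${v.overrun_cost:,.0f})")
        print(f"{v.name:12s} loss<={v.worst_case_loss_hours:>5.1f}h "
              f"recover={v.recovery_hours:>5.1f}h {' '.join(flags) or 'OK'}")
    for s in INVENTORY:
        print(f"{s.name:12s} needs {required_restore_rate(s):,.0f} GB/h to meet its RTO")
    print(f"estate exposure if hit today: ${total_overrun_cost(verdicts):,.0f}")
```

Run as a script it prints one line per system. In the constructed inventory, order-entry restores inside its 8 h RTO but an eight-hourly backup leaves up to 8 h of data loss against a 4 h RPO, so the cadence has to tighten; erp needs 42 h to stream 20 TB back at 500 GB/h against a 24 h RTO, so it needs roughly 910 GB/h of restore throughput or an 18 h overrun budgeted at $360,000. The two figures are exactly the choice the quote describes: design for the window, or put a price on missing it.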


Figure 6. Total cost of ransomware attacks

Negligible cost / $10K-$100K / $100K-$1M / $1M-$5M: 17.4%, 18.2%, 21.2% and 22.0% (pairing of these four values to buckets not recoverable from the chart)
$5M-$10M      8.3%
$10M-$50M     8.3%
> $50M        4.5%

Respondents reported that the percentage of their cumulative losses representing hard costs of paying a ransom versus the costs of response and recovery came out at close to even. However, the weightiness of those impacts is not of equal concern to our CISOs, as we will cover in a bit.

Expectations for the Next Twelve Months

When asked if they expect their organization to be successfully hit by ransomware in the next twelve months, there is a notable shift in the pessimistic direction. Only 23% of our respondents said that it is somewhat unlikely, and only 7% are fully confident in their defenses, saying it is not likely at all. That is an interesting juxtaposition to the 43% who reported not having been successfully hit in the prior twelve months.

A full 69% consider it somewhat or very likely that they will be successfully hit at least once. Since 53% reported having been hit in the past year, this signals an expectation that the ransomware problem is going to get worse before it gets better.

In a bit of a silver lining, only 12% of respondents consider it very likely that they will be successfully hit multiple times, when nearly twice as many (23.8%) were actually hit multiple times in the past year. That may suggest a small but growing feeling of confidence in CISOs that they are getting prevention around this problem at least somewhat figured out. Or, based on so many high-profile attacks, they may have been granted more budget to implement defensive programs (we discuss that farther on). That perspective is reinforced by responses to later questions in this study that indicate where CISOs feel they are "already in good shape" with regard to certain defensive technologies and practices (see Figures 22 and 23). We will need to see how that bears out in coming months.

When we look at the breakout by organization size, expectations mirror past experience, as those having between 1,000-4,999 employees and 5,000-9,999 employees, the group that experienced the highest hit rates in the last twelve months, have the highest expectations for being hit again. The smallest and the largest organizations have the greatest confidence and lowest expectations for being hit.

"Ransomware is the biggest threat now. It has a financial risk component, an operational risk component, a compliance and legal risk component, and it has a reputational risk component, because even if you have recovered, the attacker still has data he can threaten you with."
Angel Redoble, CISO, PLDT Group

"Ransomware has got to be right at the top of the threat list. The other threats haven't gone away, but ransomware is extending it."
David Levine, VP Corporate & Information Security, CSO, Ricoh USA, Inc.
Figure 7. Expected ransomware attacks in the next 12 months (categories: somewhat likely to be hit at least once, very likely to be hit at least once, somewhat unlikely to be hit at all, very likely to be hit multiple times, not likely to be hit at all; values shown in the chart: 7%, 24%, 40%, 12%, 17%)
“The reason ransomware has this much notoriety is because it has that instant gratification for the intruder. Pull the switch, and all hell breaks loose. Unfortunately, this is going to keep getting worse, because there’s more and more emphasis by the hacking community to come up with more harsh ways of creating malware payloads.”
CISO, Large Healthcare Enterprise

While it is understandable that very large organizations are confident in their defenses, it is likely that the smallest organizations feel the least vulnerable because presumably they are not on attackers’ radar. That is not necessarily sound logic, given the accelerated supply chain attacks most industries are experiencing. As a member of our CISO Board put it, you need to look where you are in the supply chain of the company that is the real target.

Expectations to be hit by industry sector show that retail and healthcare, in particular, are expecting things to get worse. Only 60% of retail respondents were successfully hit in the last year, but that number jumps to 82.6% for expectations to be hit in the next year. Healthcare jumps from 48% actually hit to 70.4% expecting to be hit.

“Businesses under a certain revenue or market share are not going to make that big of a news article. The impact is there, but it’s at a smaller scale. It’s not that they’re not being targeted, they’re just not getting known, even when the attack causes their business to be permanently shutdown.”
CISO, Large Healthcare Organization

“You might not be as newsworthy as some of the bigger organizations, but you’re deluding yourself that you’re not a target. Go on to the dark web and do some searches, you’ll find your information, and you’ll realize the scope of this problem is not relegated to any one industry, company or size.”
Dave Ruedger, CISO, Invitae
Figure 8. Expect to be hit at least once in next 12 months, by size (size bands: less than 100 employees, 100-499, 500-999, 1,000-4,999, 5,000-9,999, 10,000-25,000, 25,000+; values shown in the chart: 50.0%, 52.4%, 66.7%, 75.3%, 82.1%, 69.7%, 56.7%)

Figure 9. Expect to be hit at least once in next 12 months, by industry
Construction & Machinery: 91.7%
Retail: 82.6%
Manufacturing: 79.4%
Telecom & Technology: 71.9%
Healthcare: 70.4%
Financial Services: 63.4%
Professional Services: 54.2%
CISOs’ Concerns about Ransomware Impacts

When asked about which ransomware impacts they are most concerned, exposure of sensitive data topped the list with a 4.11 weighted response average (WAVG). That is not surprising given that data is the lifeblood of every modern organization, and its exposure can cause all manner of harm. This finding also indicates that CISOs understand the increasing threat of “double-barrel” demands for payment plus extortion, and accept it as the new reality.

Beyond that top issue, the responses for other impacts show that all of them cause significant concern. In fact, the spread between the highest and lowest concern is only a half point. Clearly, CISOs have a lot to worry about. Still, some issues are higher priority than others.

“What you should do is just skew towards making everything disposable. Don’t keep data where it doesn’t belong, and make sure that everything that is important has a backup and is recoverable. That’s the best possible approach.”
Dave Ruedger, CISO, Invitae

Concerns about the hard cost of recovering and restoring operations after a successful ransomware attack (3.99 WAVG) are about equal to the loss of revenue from operational disruption (3.98 WAVG). This finding demonstrates that ransomware is truly a business problem, and CISOs understand and feel the pressure of that impact. As a sort of mixed blessing and curse, at least the ransomware threat is serving to elevate the importance of cybersecurity to the Board level like nothing we’ve seen before.

Damage to brand reputation follows (3.94 WAVG), although it is slightly less critical than the top three concerns. That is perhaps because reputation can be recovered over time, as consumers and customers grow desensitized to the headlines about the cyber-attack of the week and the feeling of inevitability takes over.

Interestingly, the least worrisome impacts include the loss of employee productivity from operational disruption (3.57 WAVG) – possibly because people can be pretty good at finding workarounds to get their jobs done. Productivity loss ranks about equal to concern about the actual hard cost of a ransom payment (3.56 WAVG). Threat actors are wising up to the reality of setting their demands to a level that organizations will actually pay, either because the amount is low enough or because it’s aligned with an organization’s insurance benefit.

The issue of least concern was regulatory fines. While CISOs don’t want their Boards to be upset at such transgressions, the amounts of actual fines may suit a checkbox mentality. The impact relative to data exposure and cost of recovery is just not as significant.

What does all of this mean? We offer the mercurial but truly valid answer of ‘it depends.’ For instance, if your organization provides critical services (think healthcare, or fuel and power distribution), then getting systems back online ASAP is the priority, while hard costs and other issues are secondary. If your organization is smaller or less well-established, then the threat of having to shutter your entire business because of a crippling ransomware attack is a make-or-break issue. The bottom line is that breach impact is complex, and every facet must be considered and factored into business continuity planning according to each organization’s risk tolerance.

“In the past CISOs used to talk about the one big breach for the year, but now it’s a question of how many companies were breached in the last 24 hours? And, frequently, they don’t garner much attention unless it’s particularly bad or unique.”
David Levine, VP Corporate & Information Security, CSO, Ricoh USA, Inc.

Figure 10. How concerned are you about the following potential impacts from a ransomware attack? (1 = low concern, 5 = high concern; weighted averages)
Exposure of sensitive or proprietary data: 4.11
Hard cost of recovering and restoring to normal operations: 3.99
Loss of revenue due to operational disruptions: 3.98
Damage to brand reputation: 3.94
Interruption of critical services/infrastructure: 3.90
Loss of customer productivity or satisfaction: 3.89
Inability to recover business-critical data: 3.76
Having to close/shutdown the business: 3.59
Loss of employee productivity due to operational disruptions: 3.57
Hard cost of paying the ransom: 3.56
Hard cost of regulatory compliance/fines: 3.51
To Pay or Not to Pay?

For those who were successfully hit, more were inclined to pay the ransom than not. Slightly more than 65% paid, but to varying returns on their investment.

Indeed, for those that paid the ransom, doing so only led to a full recovery of data slightly more than half the time (55%). For the remaining 45% of cases, the result was less than ideal. For just over a third (34%), partial data recovery was the outcome (we were even told of a company that got their data back in one very big flat file), while 11% suffered the unfortunate fate of getting nothing back in exchange for paying the ransom.

Returning to the aggregate results, a third of respondents didn’t pay but were able to recover their data anyway, presumably through a strong backup regimen. Unfortunately, two percent didn’t pay, and lost it all.

“I’d hate to be in the firefight and have to make that decision on the fly. Hopefully, you’ve made that business decision prior to when you need it. Attackers know more about your company than you think. They know how much every hour and every day of interruption costs, and they right-size the ransom to where they get paid. If it’s going to cost us $12 million to restore services, and they’re only asking for $1M, how do you look to your shareholders and those who have a financial interest in your company and say we chose to go the $12 million route instead of the $1 million route?”
CISO and VP of IT, Large Retail Enterprise

This begs the question: should one pay in a ransom situation? Even partial data recovery has some value. While paying reinforces the problem and fuels the ransomware epidemic, it’s understandable that at least some organizations will pay given the serious potential impacts of not paying. We noted earlier that threat actors have taken to right-sizing ransom demands to palatable amounts or to align with insurance coverage. Because many companies now carry ransomware insurance (we discuss that a bit later), there may be a sense that the insurance provider will own the payment burden – although the premiums are getting steep. But also, the growing trend of attackers threatening to expose sensitive data is likely convincing more companies that paying could be in their best interest.

“There are a number of legal issues associated with paying ransom. Know the rules for whether or not it is possible to pay a ransom in a way that is compliant with federal laws on money laundering. You’re transferring money to someone, and you don’t know who they are, where they are, and what they’re going to do with it. You run the risk of engaging in a financial transaction with a prohibited nation. Then, other regulations require use of a money transfer agent that’s federal and state licensed. Coinbase is not. You’re also required to report financial funds transfers that are more than a certain dollar amount. Is cryptocurrency a funds transfer? How are you going to treat this for tax purposes? Will the cost of paying the ransom be covered by insurance? Will the costs of NOT paying be covered by insurance? You don’t want to pay this out of your pocket.”
Mark Rasch, Cybersecurity Legal Expert
Figure 11. Response and outcome to ransomware attack
Paid ransom, fully recovered data: 36.4%
Paid ransom, partially recovered data: 22.1%
Paid ransom, had to recover data another way: 7.1%
Did not pay ransom, recovered data: 32.1%
Did not pay ransom, did not recover data: 2.1%

Current and Planned Mitigation Efforts

Given the suboptimal future outlook, we asked respondents about the likelihood that their organization would pay a ransom if successfully attacked in the next twelve months. Two thirds of respondents fall into a middle group (somewhat likely/50-50/somewhat unlikely) that reflects the ‘it depends’ reality we previously discussed. Only 13% say it’s very likely they will pay, and 20% say they won’t. This suggests a balancing of forces, with a greater inclination to pay as a result of payment being an informed business decision offset by the headway organizations are making in improving their prevention and mitigation capabilities.

Unsurprisingly, the smallest organizations are least inclined to pay. They have the fewest resources, although arguably the most to lose as a total, unrecoverable lock-up of their data could put them out of business. Midsized organizations, again those most hit successfully in the past, are most inclined to pay.

“Some of it is security awareness training, some of it is additional endpoint controls. Now you start to build the argument of defense-in-depth. We know we’re going to remove a majority of our risk by having multi-factor authentication. Then we get better endpoint protections, and we’ve reduced that risk even further. Then we add in data protection controls, and now we’re down to a risk level that is fairly well managed at any given point in time.”
Dave Ruedger, CISO, Invitae
Figure 12. If hit by a successful ransomware attack in the next 12 months, how likely is your organization to pay the ransom? (categories: very likely, somewhat likely, about 50-50, somewhat unlikely, not likely; values shown in the chart: 13%, 22%, 25%, 20%, 20%)

With the notable exception of professional services, all of our other top respondent industry sectors rated above the 35.6% average for being ‘more inclined to pay than not’ (i.e., the sum of “very likely” and “somewhat likely” from Figure 12).

“You need to have a plan and build readiness into your infrastructure: cyber resilience, cyber readiness, ransomware readiness, which is engaging with a company that can help you negotiate and pay the ransom, also a forensics company that can help you figure out what happened, and data backup and restoration. Do that right away.”
Mark Rasch, Cybersecurity Legal Expert
Figure 13. More inclined to pay ransom than not, by size of organization (size bands: less than 100 employees, 100-499, 500-999, 1,000-4,999, 5,000-9,999, 10,000-25,000, 25,000+; values shown in the chart: 6.7%, 20.0%, 31.4%, 45.3%, 41.7%, 27.6%, 41.4%)
Figure 14. More inclined to pay ransom than not, by industry
Construction & Machinery: 50.0%
Telecom & Technology: 48.4%
Manufacturing: 47.8%
Retail: 40.0%
Financial Services: 39.1%
Healthcare: 38.7%
Professional Services: 18.2%

Strengthening Defenses

Obviously CISOs are laser-focused on countermeasures to mitigate the impacts of increasingly likely ransomware attacks. We asked respondents about their perceived importance of a variety of leading defensive technologies and practices. Not surprisingly, the most important countermeasure is data backup and recovery, followed by measures that involve endpoint and user vulnerabilities, where some of the greatest risks are found. In this regard, security teams also need to consider the growing population of IoT, IoMT, and OT devices – many of which are unable to accommodate agent software as the means for establishing visibility and protection.

“Earlier this year, it was almost every two or three days a company was getting hit. It was becoming high visibility. I knew our Board would ask about it. So, I made it a key part of my reporting metrics at the Board level. I want to give them assurance that we recognize this is a huge risk area.”
Dave Ruedger, CISO, Invitae
Figure 15. Most Important Countermeasures (weighted averages)
Data backup & recovery: 4.39
Endpoint protection platform (EPP): 4.29
Email security (with phishing detection): 4.26
User awareness/training: 4.24
Patch & configuration management: 4.17
Anti-virus/anti-malware: 4.12
Network segmentation: 4.09
Data encryption: 3.99
Threat intelligence service(s)/sharing platform: 3.92
User and entity behavior analytics (UEBA): 3.79
Data loss / leak prevention (DLP): 3.76
Third-party pen testing: 3.59
Deception technology (i.e., virtual honeypots): 3.47
Pragmatically, all of the technologies and practices listed are, to a large degree, ‘important,’ with ratings having a spread of less than one point. This reflects the need for multi-layered defenses. It also suggests that whatever defenses respondents already have in place or are putting in place next is more a matter of an organization’s cybersecurity program maturity than of the merit of any particular technology.

So where are respondents in that defensive journey?

Currently, the most widely used defenses for ransomware center around endpoint and user protections, and data backup and recovery, where plans show the intent to improve further. That respondents already feel confident in these defenses is encouraging given the nature of the ransomware threat and how it operates. This illustrates a focus on closing down key entry points and, of course, being ready to restore and recover critical business data.

“You need to be able to connect everything and to correlate everything. To do that, you need to be able to see everything. Without visibility, there’s no way you can correlate, detect and prevent.”
Angel Redoble, PLDT Group
Table 1. Which of the following countermeasures are currently in use or planned for implementation/upgrade (within 12 months) by your organization to mitigate the impact of ransomware attacks?

Countermeasure | Already in good shape | Plan to upgrade | Plan to add | No plans
Anti-virus / anti-malware | 74.1% | 13.4% | 10.9% | 1.6%
Email security (w/ phishing detection) | 64.9% | 17.3% | 15.3% | 2.4%
Data backup & recovery | 60.7% | 23.5% | 14.2% | 1.6%
Endpoint protection platform (EPP) | 59.8% | 17.1% | 19.5% | 3.7%
User awareness/training | 58.9% | 20.2% | 18.1% | 2.8%
Patch & configuration management | 51.4% | 24.7% | 18.6% | 5.3%
Third-party pen testing | 47.1% | 15.7% | 22.3% | 14.9%
Data encryption | 46.8% | 27.8% | 18.5% | 6.9%
Threat intelligence service(s)/sharing platform | 46.3% | 22.0% | 22.0% | 9.8%
Network segmentation | 38.4% | 27.8% | 27.8% | 6.1%
Data loss/leak prevention (DLP) | 38.2% | 22.8% | 27.2% | 11.8%
User & Entity Behavior Analytics (UEBA) | 34.8% | 18.9% | 31.6% | 14.8%
Deception technology | 34.3% | 18.2% | 21.5% | 26.0%

For half or more of respondents, ransomware defenses that are at the top of the coming year’s shopping list (whether for adding or upgrading) include network segmentation, data loss prevention (DLP), and user & entity behavior analytics (UEBA), with data encryption listed by close to half (46%). It makes sense to see these countermeasures prioritized; all are generally more difficult to implement and manage, and/or are newer technologies for organizations to adopt.

Network segmentation’s top billing is not surprising given increasing adoption of Zero Trust Network Access (ZTNA). Zero Trust requires not only that every access attempt be verified, but also that the scope of access granted is minimized in accordance with the principle of least privilege. This approach limits the lateral movement an attacker can achieve after breaching a network, in turn limiting the damage that can be wrought. The practice of network segmentation was even included as a top recommendation in the White House guidance on ransomware protections for businesses issued in June 2021.
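To make the lateral-movement argument concrete, here is a small Python model of the "blast radius" of a single compromised host under a flat network versus a least-privilege segmentation policy. It is an added illustration, not code from the report or from any vendor's product: the hosts, segment names, services and allow rules are constructed sample data, and the policy shape (source segment, destination segment, service) is an assumption of the example rather than the syntax of any particular firewall.

```python
"""Blast-radius model for network segmentation (added example, not from the report).

Hosts are assigned to segments and a policy lists which
(source segment, destination segment, service) flows are allowed. Starting
from one compromised host, we compute every host an attacker could reach by
chaining allowed connections. All hosts, segments, services and rules below
are constructed sample data.
"""
from collections import deque

# Constructed inventory: host name -> segment it lives in.
HOSTS = {
    "ws-01": "workstations",
    "ws-02": "workstations",
    "web-01": "dmz",
    "app-01": "app",
    "db-01": "data",
    "backup-01": "backup",
}

# A flat network: any host may reach any other host on any service.
FLAT_POLICY = None  # sentinel meaning "allow all"

# Least-privilege policy: only explicitly listed flows are allowed; everything
# else, including traffic between two workstations, is denied. Nothing may
# initiate a connection *into* the backup segment; the backup server pulls.
SEGMENTED_POLICY = {
    ("workstations", "dmz", "https"),    # users browse the web tier
    ("dmz", "app", "api"),               # web tier calls the app tier
    ("app", "data", "sql"),              # app tier queries the database
    ("backup", "app", "backup-agent"),   # backup server pulls from app tier
    ("backup", "data", "backup-agent"),  # backup server pulls from data tier
}


def allowed(policy, src_host, dst_host):
    """True if at least one service is permitted from src_host to dst_host."""
    if src_host == dst_host:
        return False
    if policy is None:  # flat network: everything is reachable
        return True
    src_seg, dst_seg = HOSTS[src_host], HOSTS[dst_host]
    return any(s == src_seg and d == dst_seg for s, d, _service in policy)


def blast_radius(policy, start):
    """Hosts reachable from `start` by hopping over allowed connections (BFS).

    Each host reached is treated as compromised in turn, so the search
    continues from it. The starting host is not included in the result.
    """
    seen = {start}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for host in HOSTS:
            if host not in seen and allowed(policy, current, host):
                seen.add(host)
                queue.append(host)
    return seen - {start}


def compare(start):
    """(hosts reachable on the flat network, hosts reachable under segmentation)."""
    return (len(blast_radius(FLAT_POLICY, start)),
            len(blast_radius(SEGMENTED_POLICY, start)))


if __name__ == "__main__":
    for start in ("ws-01", "web-01", "db-01"):
        flat, seg = compare(start)
        spared = blast_radius(FLAT_POLICY, start) - blast_radius(SEGMENTED_POLICY, start)
        print(f"compromise of {start}: flat={flat} hosts, segmented={seg} hosts, "
              f"spared by segmentation={sorted(spared)}")
```

Run as a script, the model shows that a compromised workstation can reach all five other hosts on the flat network but only the web, app and database tiers under the allow-list, and that the backup server is never reachable because no segment is permitted to initiate traffic toward it. That last property is the "isolated backups" point made in the quotes that follow: segmentation is what keeps the failsafe out of the attacker's reach.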
The high degree of interest in UEBA also makes sense. It speaks, in general, to the need for organizations to not focus solely on preventive measures. Getting hit by malware/ransomware and other classes of threats is inevitable. In such instances, having the means to efficiently and effectively detect and respond to the incident could be the difference between another routine malware event and one that has a $5M impact (see Figure 6).

It is somewhat surprising to see the middle-of-the-road positioning of patching and configuration management, which is both central to good cyber hygiene and crucial to reducing the attack surface. Deception technology shows the lowest level of both current adoption and intent to adopt.

“Do you have proper segmentation? I’m worried about east-west lateral movement. It does you no good if all an attacker needs is one entrance. Then, if he has lateral movement internally throughout the company, that actually puts you at severe risk. Treat your computing environment like a submarine, so that if any one portion fails, the whole sub doesn’t go to the bottom of the ocean. You want to compartmentalize as much as you can, especially your mission critical assets.”
CISO and VP of IT, Large Retail Enterprise

“The number one thing is good, isolated/immutable backups of everything you need to continue your business, that’s your failsafe. Segmentation is also a huge mitigation strategy. The more you can segment your network the better. If you do get hit, ideally, you can limit the incursion to a specific segment of your network and it doesn’t just run rampant. Doing tabletop exercises is another key activity along with having ransomware playbooks and good overall cyber hygiene.”
David Levine, VP Corporate & Information Security, CSO, Ricoh USA, Inc.

Along with defensive technologies and practices, we inquired about which proactive business preparations respondents have made in anticipation of a successful ransomware attack. Close to 72% have created an incident response plan, and 52% have created a business continuity plan. It is somewhat surprising that those percentages are not even higher, given the clear risks. It’s also curious to note that relatively few respondents (one quarter or less) have made preparations for actual ransom payment, should it be needed.

Since this data reflects action previously taken, it may be that more organizations are planning to adopt such preparations given the acknowledged increase in the level of threat. In any event, given the scope of the ransomware problem, proactively identifying an intermediary who can engage threat actors directly to negotiate asset reacquisition or payment settlement confidentially seems like a prudent step to us.

Cryptocurrencies like Bitcoin and related blockchain technologies are an interesting variable in the ransomware equation. They not only threw open the door for rampant ransomware attacks, but they also offer some frighteningly innovative ways to fuel its expansion, like establishing mechanisms to reward cybercriminals for specific malicious behaviors, and even to engage ‘investors.’

Still, organizations are not proactively amping up their cryptocurrency reserves. While there have been some headlines about companies setting up accounts, only 15% of respondents had actually taken that step. It is true that companies could rely on third-party payment brokers to build reserves for them, but only 17% of respondents have retained such a broker. This could be setting a lot of organizations up for a scramble if they need to pay a ransom in short order.
Figure 16. Have you made any proactive business preparations specifically for a ransomware event?
Created an incident response plan: 71.8%
Purchased ransomware insurance: 55.2%
Conducted a business impact analysis: 53.6%
Created/updated a business continuity plan: 52.4%
Allocated a specific budget amount: 26.6%
Retained a 3rd-party payment broker: 17.3%
Set up Bitcoin reserves: 15.3%

Figure 17. Set up bitcoin reserves, by size (size bands: less than 100 employees, 100-499, 500-999, 1,000-4,999, 5,000-9,999, 10,000-25,000, 25,000+; values shown in the chart: 6.3%, 9.5%, 22.2%, 21.8%, 16.2%, 3.1%, 10.0%)
Figure 18. Set up bitcoin reserves, by industry
Telecom & Technology: 28.1%
Construction & Machinery: 25.0%
Financial Services: 22.5%
Healthcare: 14.8%
Professional Services: 12.5%
Manufacturing: 12.1%
Retail: 8.7%
Those who had purchased Bitcoin reserves included mostly smaller to mid-sized organizations. Companies in the tech sector led the way, followed by construction and machinery (an interesting tech-savvy position for a generally traditional sector).

Ransomware Insurance

Fifty-five percent of our respondents had purchased ransomware insurance; clearly it’s a rising trend. But all members of our CISO Board noted that the cost of that insurance, and the complexity of acquiring it, have increased significantly in the last year. Insurers are carefully examining an applicant’s preventive and protective measures as qualifiers for coverage. (Getting very particular about specific measures also leaves room for loopholes through which providers may later deny benefit payout.)

Premiums for larger organizations can reach one hundred thousand dollars per year or more; deductibles can be in the millions. Given that, a total ransomware impact of $1M-$5M (which reflects the largest percentage of responses we received - see Figure 6) may be equal to or more than an organization’s insurance benefit, and thereby is better coming directly out of the company coffers. It also seems appropriate that management teams should revisit the fundamental question of whether such coverage is really worth it. Perhaps those dollars would be better spent beefing up their prevention, detection, and response capabilities.

The purchase of ransomware insurance is more prevalent for larger organizations, leaving smaller organizations more vulnerable. Insurance is most frequently acquired by companies in the construction, technology/telecommunications, and manufacturing sectors.

“Insurance premium increases for this year are three figures percentage-wise. Even those companies that are mature and never had an issue are still going to see their insurance double. And those who have had an issue or whose security programs are not deemed to be mature will see 150% or more.”
CISO and VP of IT, Large Retail Enterprise

“We saw a huge change in the last year relative to cyber insurance. It used to be you would get a short and fairly high-level questionnaire. This year, it was multiple multi-page questionnaires, including one specific to ransomware. They were asking the right questions and if they didn’t understand your answer, they were coming back and seeking clarification.”
David Levine, VP Corporate & Information Security, CSO, Ricoh USA, Inc.

Figure 19. Purchased ransomware insurance, by size (size bands: less than 100 employees, 100-499, 500-999, 1,000-4,999, 5,000-9,999, 10,000-25,000, 25,000+; values shown in the chart: 31.3%, 33.3%, 38.9%, 66.7%, 70.3%, 46.9%, 60.0%)
Figure 20. Purchased ransomware insurance, by industry
Construction & Machinery: 66.7%
Telecom & Technology: 65.6%
Manufacturing: 63.6%
Financial Services: 60.0%
Healthcare: 55.6%
Retail: 43.5%
Professional Services: 33.3%
“Even the payment of a ransom is an engagement with the threat actor. The whole idea is to engage in communication with the threat actor. That will tell you how sophisticated they are, how serious they are, their background, their level of knowledge, and whether or not they will actually go through with it if you pay them. That puts you in a different negotiating posture.”
Mark Rasch, Cybersecurity Legal Expert

What Holds CISOs Back?

For all of the actions already taken and plans made, CISOs still may face some obstacles to establishing what they consider to be effective ransomware defenses.

Countering long-term CISO frustration about the Board and senior leadership not really understanding cyber threats, our findings show this is not the case for ransomware, with Board support at the bottom of the obstacle list! Lack of support from executive leadership ranks only one quarter point above that. Even budgeting is not the obstacle it has traditionally been. This is a testament to the high-profile nature of the threat and the multi-faceted, high-value impacts that it can have.

At the other end of the spectrum, difficulty implementing related tools and technology, as well as the availability of technologies that are effective, rank as the biggest obstacles. And of course there is the perennial problem of the cyber talent shortage to implement solutions, along with ‘other conflicting priorities,’ lest we forget the plethora of security challenges today’s organizations are facing. It’s also worth noting that the aforementioned challenges seem well suited to a managed detection and response (MDR) solution -- especially for organizations where resource constraints preclude having their own full-blown Security Operations Center (SOC).
Figure 21. On a scale of 1 to 5, with 5 being highest, rate how each of the following affects your organization’s ability to achieve effective ransomware defenses:
Difficulty implementing related tools/technologies: 3.28
Lack of skilled personnel to implement solutions: 3.24
Other conflicting priorities: 3.14
Lack of effective solutions available in the market: 3.11
Low security awareness among employees: 2.99
Lack of budget: 2.89
Lack of support from executive management: 2.71
Difficulty justifying budgetary requests in business terms: 2.69
Lack of support from the Board: 2.49
CISOs Remain Confident

Even with all of these concerns, respondents still seem to think they’re in pretty good shape when it comes to ransomware mitigation. (That does make us wonder why so many are getting successfully hit or worrying about it.)
RepublicDenmarkDominicaDominican RepublicEcuadorEgyptEl SalvadorEstoniaFaroe
IslandsFinlandFranceFrench GuianaFrench
PolynesiaGermanyGreeceGreenlandGrenadaGuadeloupeGuamGuatemalaGuyanaHaitiHondurasHong
KongHungaryIcelandIndiaIndonesiaIrelandIsraelItalyJamaicaJapanJordanKuwaitLatviaLaosLebanonLiechtensteinLithuaniaLuxembourgMacaoMalaysiaMaldivesMartiniqueMauritaniaMexicoMicronesia,
Federated States OfMonacoMontserratMoroccoMyanmarNepalNetherlandsNew
CaledoniaNew
ZealandNicaraguaNigeriaNorwayOmanPakistanPanamaParaguayPeruPhilippinesPolandPortugalQatarReunionRomaniaRussian
FederationSaint Kitts and NevisSaint LuciaSaint Vincent and the
GrenadinesSamoaSaudi ArabiaSerbiaSingaporeSint Maarten (Dutch
part)SloveniaSlovakiaSolomon IslandsSouth AfricaSouth KoreaSpainSri
LankaSurinameSwazilandSwedenSwitzerlandTaiwanThailandTimor-LesteTrinidad and
TobagoTunisiaTurkeyTurks and Caicos IslandsUnited Arab EmiratesUnited
KingdomUruguayVanuatuVenezuelaVietnamVirgin Islands (British)YemenZambiaZimbabwe
Country (Required)




*
Postal Code:














*

*Please opt-in to receive future marketing communications from Rubrik. I
understand I can always opt out of marketing emails per the Rubrik Privacy
Policy






Submit
Close