The vast majority (86.7%) of C-suite and other executives say they expect the number of cyberattacks targeting their organizations to increase over the next 12 months, according to a recent Deloitte poll. And while 64.8% of polled executives say that ransomware is a cyber threat posing major concern to their organizations over the next 12 months, only 33.3% say that their organizations have simulated ransomware attacks to prepare for such an incident.
“Over the past 12-18 months, executives across industries and sectors have witnessed — and increasingly experienced first-hand — the jaw-dropping frequency, sophistication, cost, and both economic and operational impacts of ransomware attacks,” said practice leader, Curt Aubley. “As some ransomware can evade antivirus tools and attackers find more ways to pressure victims to pay ransoms, these attacks often have national and global repercussions. There’s no time to waste when it comes to honing and testing incident response programs for ransomware and other cyber events.”
Deloitte urges companies to develop an incident response plan, and to consider implementing a Zero Trust approach to cybersecurity. Removing automatic or inherited trust given to users, workloads, networks, and devices can help organizations shore-up security gaps created by digital transformation, M&A activity, rapid cloud adoption and continued remote work that ransomware actors frequently exploit. Frequent penetration testing, and identification of new attack patterns, is also recommended.
The data comes from an online poll of more than 50 C-suite and other executives during a webcast held in June. Participating executives held leadership roles in areas including corporate boards (36.7%), IT (34.4%), risk management (12.2%) and security and privacy (6.7%).
Strong executive and board level oversight of and support for IT security has become increasingly critical as the threat vectors and frequency of attacks expand.