Many companies are not sufficiently prepared for ransomware attacks and dangerous vulnerabilities arise due to a lack of skilled workforce and reliance on internal resources. These are the results of a study by Zerto. […]

The results of Zerto’s research “The Long Road Ahead to Ransomware Preparedness” make it clear that many companies are not sufficiently prepared for attacks and struggle to recover from them. The study highlights the increased risk resulting from widespread skills shortages and over-reliance on internal resources. It is true that companies have recognized that the most effective protection against a ransomware attack is the ability to quickly recover data. In practice, many organizations continue to struggle to fight ransomware when prevention fails.

Three quarters of all companies have problems after an attack

For example, nearly three-quarters of organizations affected by ransomware attacks in the past 12 months (73 percent of respondents overall) have been negatively impacted. Even in highly security-conscious organizations (ranked by ESG as a “leader” in ransomware protection), things were disrupted 75 percent of the time. This raises doubts about how comprehensive the recovery strategies are even in these companies. The threat is even greater for the companies affected by successful attacks. 61 percent of all victims who paid ransom were subsequently exposed to further blackmail attempts. This has led to victims making additional payments. The study also highlights the risks associated with paying ransoms. Only one in seven companies (14 percent) got all their data back, even if they paid the ransom.

Lack of skilled labor increases ransomware risk

Regardless of the size and impact of the attacks, nearly half of respondents (45 percent) struggle with responding to a ransomware attack. In particular, companies report skills and training gaps in certain areas of their teams and with outside contractors and suppliers, while significant shortages of qualified personnel and skills exist in other areas.

Results of the study at a glance

• Ransomware attacks are ubiquitous and sometimes have serious consequences for businesses.
• Being always ready is critical to contain ransomware. However, most companies have significant gaps here.
• Most companies continue to invest in prevention.
• The shortage of skilled workers and reliance on internal resources pose a risk for many companies to react quickly.
• While hybrid backups are already widely used, recovery from a ransomware attack is no guarantee.
• When it comes to business continuity, the length of RPOs and RTOs varies widely between most enterprises and the most advanced organizations.

“Unfortunately, many companies are still unable to effectively protect themselves from the risks and impact of ransomware attacks,” said Christophe Bertrand, Practice Director at ESG. “This leads a significant number of companies to think they have to pay a ransom to get their data back. Instead, decision makers should focus on ransomware strategies that prioritize effective, rapid and complete recovery.”

“It is worrying that many companies are grappling with vulnerabilities resulting from inadequate technology and under-prepared teams,” said Caroline Seymour, VP of Product Marketing at Zerto. “Unlike typical backup solutions, Zerto’s Continuous Data Protection (CDP) technology provides an effective solution to avoid costly risks such as data loss, downtime and disruptive recovery tests.”

The data speaks for itself: ransomware attacks are increasing in volume and intensity. Paying the ransom does not guarantee data recovery. Companies therefore need a solution that can recover to a state that was seconds before an attack in minutes. And the question is not “if” but “when” and “how often” such a situation can arise. Therefore, companies need to step up and optimize their data backup and recovery measures.