Zerto, a Hewlett Packard Enterprise company, today released findings from its 2023 Ransomware Strategy Survey conducted at VMware Explore US in August 2023. The research reveals that more than one-third of companies still do not have a well-rounded, holistic ransomware strategy in place. The survey also found that companies are reevaluating their data protection and cyber resilience strategies to align more closely with the threats they are facing.
One in three companies still are not prioritizing recovery
The report shows that 35.4% of companies are not prioritizing recovery. This is concerning, as ransomware actors are becoming more capable of impounding data. Businesses will suffer wide-ranging consequences if they cannot recover and get back up and running immediately on their own behalf.
In all, just over half of the companies surveyed (56.6%) focus on both recovery and prevention. This indicates that a holistic view is far from widespread amongst those surveyed.
“It is natural for companies to start by building a robust prevention strategy focused on thwarting attacks,” said Caroline Seymour, VP of product marketing at Zerto. “However, as attacks become more sophisticated and capable of breaching prevention measures, prioritizing recovery must be a key element of a modern, multi-layered approach. It’s just as crucial as prevention, if not more in the current threat environment.”
Companies continue to reevaluate ransomware strategies
The survey also found that 66.2% of companies are reevaluating their data protection and cyber resilience strategies. This is a positive sign, as it shows that companies are taking the threat of ransomware seriously. Still, the fact that companies are reevaluating strategies they have in place, especially considering that nearly two thirds (63.1%) of those surveyed have multiple data protection and ransomware detection tools at their disposal, signals that prevention is not enough and that legacy data protection falls short.
“It’s encouraging to see that organizations are reevaluating their ransomware strategies. For companies that have not put a focus on recovery, this is a step in the right direction toward a more holistic ransomware strategy,” continued Seymour. “One solution that companies should consider is isolated cyber vaults that can employ a secure architecture to protect data and thwart ransomware. Organizations should not rely on protection alone. That is a risk that can’t be alleviated by insurance and preventative measures and is not worth taking. “
In addition, the survey found that obtaining cyber insurance requires a holistic approach. For those utilizing cyber insurance, the underwriters that evaluate applicants require backup, disaster recovery, detection, and data vault capabilities to approve policies. This shows that those who are in the business of financially protecting against ransomware threats require policy holders to protect their data in a comprehensive fashion.
The survey’s findings suggest that companies need to reevaluate their ransomware strategies and adopt a more holistic approach that includes recovery, data protection, and cyber insurance. By doing so, companies can better protect themselves from the devastating financial and operational consequences of a ransomware attack.
Methodology
The research team surveyed 201 people in person at VMware Explore in Las Vegas, August 26 to 29, 2023. All respondents were attendees of the VMware Explore conference. All data was collected in a span of three days. Responses were recorded anonymously, but company and job/title information were collected.
