Companies spending $6M on ransomware mitigation: Is it working?

2022-02-25 05:00

A CBI and Ponemon Institute research report, based on a survey of IT and security professionals, takes a comprehensive look at companies' ransomware strategies and mitigation tactics and the operational impact of incidents.

Eighty percent of companies surveyed have experienced a ransomware attack, despite spending an average of $6 million annually on ransomware mitigation resources.

Companies' ransomware strategies and mitigation tactics Only 32% are confident in their security controls, indicating the need to use more effective approaches to prevent ransomware attacks.

"Ransomware incident preparedness and mitigation remains one of the biggest challenges facing organizations regardless of their size, but it doesn't mean it has to be one of the biggest budget allocations. Organizations need to gain confidence in their approaches, technologies, personnel and tactics. Part of building that confidence is admitting where there are gaps and collaborating with strong partners to fill those gaps," says Shaun Bertrand, CSO at CBI. The report found that companies are spending $170,000 per ransomware incident on staffing alone, with an average of 14 staff members each spending 190 hours on containment and remediation activities.

While companies understand the seriousness of ransomware attacks, only 33% are highly confident in their companies' response ability.

Larry Ponemon, Ph.D., Chairman and Founder of Ponemon Institute, noted, "The cost per incident will continue to increase, and the types of attacks will continue to evolve. What's most striking is the vast majority of organizations are not doing enough to evaluate the security of their third parties. These findings should be a wakeup call and motivate organizations to evolve their ransomware mitigation playbooks."

News URL

https://www.helpnetsecurity.com/2022/02/25/companies-ransomware-strategies-mitigation/

#mitigation #ransomware