A new poll from Deloitte shows organizations are all too aware of the problem of ransomware, but aren’t ready to respond to the specific ransomware scenario given that the attackers have the upper hand.

This is a serious problem.

If you’ve been reading my blogs, I’ve repeatedly made it known that ransomware is dangerous, pervasive, and costly. But this new data from Deloitte makes it clear that a material number of organizations are going to realize one click too late that they have no real ability to respond to a ransomware attack.

According to the Deloitte data:

  • 87% of organizations expect the number of cyberattacks targeting their organization to increase over the next 12 months
  • 65% of execs feel ransomware is the greatest threat concern in the next 12 months
  • 54% have incident response plans, but nothing specifically for ransomware
  • Only 33% of organizations have simulated an attack, testing response plans

According to Kieran Norton, Deloitte Risk & Financial Advisory’s infrastructure security solution leader and principal, in Deloitte’s press release, “Strong executive and board level oversight of and support for the cyber risk management program is a critical part of event preparedness. Leaders at the highest levels need to understand the crucial role they play in prevention — by providing oversight, governance and tone from the top — as well as direct support for attack response.”

Given that half have an IR plan and only a third of organizations ever simulate an attack, you’d better have a strong preventative security posture – one that includes Security Awareness Training – to stop an attack. Otherwise, you’re going to feel the pain of having no plan or idea of how to respond.