How Important is Board Involvement to your Ransomware Preparedness Strategy?
According to the recently published 2022 State of Ransomware Preparedness Report, a survey conducted by ActualTech Media, the impact of board involvement on ransomware preparedness should be “intentional” to say the least. “Involving the board with intentionality and to help the organization as a whole increase its awareness for this critical issue likely played a much larger role in the improved outcomes that many reported”, says Scott Lowe, Co-founder, CEO and Principal Analyst at ActualTech Media.
Here are four “eye-opening” stats to start that highlight the importance of board involvement:
- Organizations that involve their boards of directors in ransomware mitigation plans are far better prepared than those organizations that don’t.
- Companies that involve board input report increased spending in 2022 and 2023 when compared to their counterparts.
- Those organizations polled that involve their board claim they would recover from an attack in a few hours, and they spend far less time working on ransomware preparedness
- There is a strong correlation between board involvement and sufficient RTO and RPO metrics.
These key takeaways were compiled from the analysis conducted by a broader survey around the topic of ransomware. This segmentation of the report was designed to investigate the specific impact of board involvement on ransomware preparedness outcomes.
As we take a deeper dive into why board involvement is so important to your ransomware preparedness strategy, we uncovered these two high-level questions that need to be answered right away:
Question #1: What are key preparedness indicators?
Question #2: What are you doing about ransomware?
Question # 1 opens up a much larger door into question # 2. According to the survey, cybersecurity posture, ransomware prevention efforts and the implementation of comprehensive training programs are key preparedness indicators that boards consider to be “high-level.” Organizations that involve their boards in ransomware preparedness activities appear to implement prevention strategies at a significantly higher level. Download the survey and see the results for yourself.
Question # 2 is a much broader question with more subsequent questions and data to digest. What is your organization doing about ransomware preparedness and how important is board involvement to your prep? The survey suggests that board involvement positively correlates to overall tactical activities related to protecting organizations against ransomware.
As outlined in the report, survey respondents answered these ensuing questions:
- As compared to 2020 and 2021, for overall ransomware prevention and recovery spending, as compared to 2022 and 2023, we are expecting to spend . . .
- Approximate how many hours per week on average would you estimate you currently spend on ransomware preparedness?
- If your organization were to experience a ransomware attack that impacted all systems, how long do you think it would take you to recover to the following levels?
- If you were to experience a ransomware attack, what is the most recent backup from which you could recover for mission-critical systems? In technical terms, what is your Recovery Point Objective (RPO) granularity?
- Do your current RPO and RTO metrics meet your organization’s needs?
- Beyond RTO and RPO, how easy is it for you to recover systems?
It’s clear that, at present, the focus for many is on prevention and detection versus recovery. This could be because companies still believe that prevention alone can solve the ransomware issue, and detection is considered a “solved problem.” Focus on recovery tends to be when it’s too late in many situations and then companies work through the specific process and processes required, starting at paying the ransom to spending days and weeks to get to a point where the data needed to run the company is at a point where “normal” business operations can continue to function.
If asked the same questions, how would your answers stack up against these responses?
How important is it to have board involvement in your ransomware preparedness plan?
The bottom line is this. Organizations that involve their boards of directors in their ransomware mitigation plans tend to have better preparation and outcomes than those that don’t.
Are you prepared? Download the report today and find out. The results just might surprise you!