RANSOMWARE IN FOCUS

While ransomware is not a new phenomenon, 2020 brought a significant acceleration of attacks capitalizing on the pandemic-forced shift to remote work, the proliferation of Initial Access Brokers and the ready availability of ransomware as a service. With all of the headlines and hype, we wanted to understand the true perspectives of those who shoulder the burden of responsibility for managing the impacts of ransomware on a business: Chief Information Security Officers (CISOs).

In August 2021, we conducted a study of these seniorlevel executives to assess their ransomware experiences, concerns, and priorities for protecting their organizations going forward. This report, reflecting input from over 250 CISOs, presents what we learned.

This study utilized a quantitative survey that was designed with guidance from a Board of CISOs working at large, private sector organizations predominantly in the United States. Respondents were recruited through their direct relationships with CISOs Connect and from a well-screened panel. We received 250 survey completions from respondents identifying as CISOs or CISO-equivalents across a broad range of industry sectors. All responses were anonymous.

Additionally, we conducted in-depth discussions with members of our Board, a group particularly known for their strong technical and business acumen, to get their detailed perspectives on ransomware as a leading cyber threat. You will find insights and best practice recommendations from them throughout this report.