Three years after the NotPetya attacks, many companies still unprepared to respond to a ransomware attack


Research by data recovery specialist Ontrack of 484 organizations reveals that 39% either do not have a ransomware strategy, or are unaware if they have one, and 29% report they would not be able to access any working backups after an attack.



As we discussed in our note yesterday, the difference between companies with good cyber governance and poor cyber governance is very often not driven by the technology that companies have, but rather by how well companies manage their technology, as well as how well they train their staff in good cyber hygiene and threat preparation. Making sure that data is regularly and securely backed up—and analyzing third party cloud provider’s potential vulnerabilities as well—are basic building blocks of good cyber hygiene.

In addition, considering the rapid growth of the ransomware threat in recent years and the severe negative operational and financial impact that ransomware driven operational disruptions have on organizations, it is highly problematic that 39% of firms report not having a ransomware strategy, or not being aware that they have such a strategy. Without a well thought through plan, companies will not be able to respond effectively to a ransomware attack. Ransomware plans must be in place before an attack takes place, and the necessary immediate action to protect and restore data and operations can only happen if companies have plans in place to do so, and key staff know the role they are required to take in such an event. Companies with good cyber governance understand this and make the appropriate preparations (in addition to taking the steps necessary to lowering the probability of an attack in first place), while those with poor cyber governance often do not.

We use cookies to make our website more user-friendly and effective

The Cyberhedge Indices Cookie Policy

What are the Cyberhedge Cyber Governance Indices?

These first ever benchmarks prove good cyber governance matters to shareholder value. They measure stock market performance of companies with good and with bad cyber governance scores. Scores are based on Cyberhedge’s proprietary cyber governance rating methodology. Market performance is tracked by an independent firm. The results show that companies with good cyber governance outperform their peers in US, UK, and EU markets.

Information that we collect

Here you can see and customize the information that we collect about you. To learn more, please read our privacy policy

Continue on website