Zerto Reveals Orgs Have Incomplete Ransomware Strategies

Zerto, a Hewlett Packard Enterprise company, released its 2022 Ransomware Strategy Survey conducted at VMware Explore US in August/September. The research revealed gaps in companies’ data protection and ransomware strategies that they will want to address to reduce their risk of interrupting business operations in the event of a ransomware attack.

As found in a recent IDC report sponsored by Zerto, the impact of ransomware attacks is extensive. The cost to people can be high with employee overtime, lost employee productivity, the direct cost of recovery (i.e., the engagement of consultants or specialists), and unrecoverable data being notable issues. However, there are even more significant impacts like lost revenue, damaged company reputation and permanent loss of customers.

That is why cyber threats are part of most businesses’ high-level strategies. However, the way in which organizations prepare to combat those threats varies. Only half of the companies surveyed focus on both recovery and prevention. This indicates a holistic view is far from the norm among those surveyed. Interestingly, more than a third of respondents (37 percent) do not have a strategy that focuses on recovery. They either have a sole focus on prevention or have no formalized strategy in place (8.7 percent). This is dangerous because, as ransomware actors become more capable of impounding data, businesses will suffer if they can’t get back up and running immediately on their own behalf.

Ransomware can be combated with proper recovery strategies, but not all companies have a formalized recovery strategy in place. The report shows companies are reevaluating their data protection and cyber resilience strategies. In the survey, 66.8 percent deem their strategy in need of further examination; meanwhile, 20 percent are satisfied with the plans in place.

It’s notable that two-thirds of respondents indicated they are reviewing the strategy they have in place –especially considering the current cyber threat landscape. This may signal that prevention is not enough and that legacy data protection is failing.

As companies reevaluate their strategies, those that haven’t put a focus on recovery will benefit by leaning in the direction of continuous data protection, which offers a continuous stream of recovery checkpoints that allow them to rewind to a time within seconds prior to an attack.

“In an era of relentless cyber threats, strategies to combat attacks can’t remain idle, and they must be multidimensional,” said Caroline Seymour, VP of product marketing at Zerto. “Cyber attackers have proven that they can breach fortified security structures, so companies need a plan in place for what to do once bad actors are in. If the goal is to keep business running and operating, a recovery strategy is required. It’s positive that many companies have multifaceted strategies in place, but completely protecting the business requires recovery capabilities.”