'IT leaders are over-stressed and under-prepared for ransomware attacks'

23 December 2021

UK IT managers do not believe they invest enough to prevent ransomware attacks, whilst a similar number (52%) don’t feel supported to do so by their company’s board. 

That is according to the findings of Osirium’s 2021 Ransomware Index survey, which also raises concerns about UK IT teams’ ability to properly manage potential ransomware attacks, of which their likelihood of becoming a victim is increasing rapidly. Of those surveyed, only 21% claimed they had never been attacked. Perhaps more surprisingly, 53% of respondents agreed with the statement: “It would be cheaper to pay the ransom demand than continuously invest in preventing ransomware”.

More than half of the survey respondents also claimed that they do not have sufficient budget/resources to cope with the constantly evolving threat landscape, which makes the research finding, that many feel the only way to deal with the problem is to pay, even more impactful.

The stress to UK IT managers, caused by the spectre of Ransomware, is an increasingly significant downside to an already difficult job. 86% of the IT managers surveyed said they feel stressed about the prospects of a ransomware attack, with 22% saying it more than doubled their stress levels.

“This situation is unsustainable, and it is likely only a matter of time until many of these ill-prepared businesses fall victim to a ransomware attack," David Guyatt, founder and CEO of Osirium said. "The cost of paying a ransom is merely the tip of the iceberg. Add in the real and virtual costs, such as reputational damage, regulatory fines and lost business through downtime, and it is hard to justify not having robust malware and ransomware protection in place.”

Guyatt’s comments are further substantiated by the Osirium report finding: 19% considered reputational damage to be a major concern, with 24% concerned about downtime and 28% citing data protection worries.

“Right now, many businesses are deep into the planning process as they prepare for 2022 and beyond,” added Guyatt. “This will be a pivotal moment for UK business leaders, and those who neglect to prioritise their ransomware defence and remediation systems may just as well paint a target on their back. Failure to prepare, and the associated stress on the IT department, could easily also result in individuals experiencing major burnout, the impacts of which will only lead to further security challenges.”‍