Home

Ransomware

Ransomware

What is the current state of ransomware attacks? What level of defense and preparedness do companies have from their backup support?

Are you currently at a software vendor in the data management, security, storage, backup, system integrator, or consulting industry?

37%Yes
63%No
0 views
250 responses

How often are each of the following elements implemented as part of your ransomware protection strategy?

69,15,15,1,0%Endpoint protection
47,39,11,3,0%Backup - Third-party solution
32,24,23,21,0%Backup - Homegrown
14,46,25,14,1%Ransomware recovery playbook
19,40,28,12,1%Tabletop testing (automated pre-built recovery tests of full-stack critical applications)
10,34,26,29,1%Pre-staged Isolated Recovery Environment (IRE)
26,45,21,5,2%Detection of data tampering (Encryption, deletions, retention tampering, etc)
0 views
151 responses

Which of the following characteristics apply to your backup solution? (Select all that apply)

40%Air-gapped or isolated
40%Immutable
40%Zero trust architecture
40%Flexible retention
40%Tamper-proof retention
52%Data monitoring, testing, validation and alerting to detect possible attack and ensure data trustworthiness
30%Data masking
48%Recovery automation
20%Open API for integration with IT toolchains
6%Recovery to IRE
0 views
149 responses

Do you know the three main variants of ransomware -- what they are and what their impact is?

9%Don’t know
80%Somewhat know
12%100% confident I know
0 views
149 responses

What types of ransomware has your company been attacked by - including individual endpoint devices attacked by ransomware? (Select all that apply)

66%Data encryption
49%Locking of systems
47%Data theft (exfiltration)
17%None of the above
0 views
149 responses

On average, how long did any systems experience downtime as a result of a ransomware attack on your company?

21%No downtime was experienced
14%Less than 1 day
5%1 day
37%2-4 days
7%5-9 days
5%10-14 days
2%2-4 weeks
0%Over 4 weeks
9%My company has not experienced a ransomware attack
0 views
149 responses

Which of the following happened as a result of the attack? (Select all that apply)

49%Backup system compromised during the attack
37%Permanently lost any data as result of ransomware attack
17%Paid ransom
31%Data stolen
50%Sensitive data (PII, HIPAA, etc) compromised
12%Got attacked again
23%My company has not experienced a ransomware attack
0 views
149 responses

What is your preparedness level for these variants of ransomware attacks?

37,44,8,11,0,0%Data encryption
30,50,9,11,1,0%Locking of systems
24,50,17,8,1,0%Data theft (Exfiltration)
0 views
148 responses

If your company's business-critical applications experienced a full day of downtime, what is the estimated cost to your company?

40%Less than $5M/day
16%$5M-$9M/day
22%$10M-$25M/day
11%$26M-$49M/day
3%$50M-$100M/day
0%$101M-$200M/day
1%Over $200M/day
7%I don’t know
0 views
148 responses

What is your confidence level for fully recovering all your full-stack business-critical applications in a timely manner after a ransomware attack?

5,32,48,12,3%Under 1 day
12,50,33,3,2%1-2 days
48,41,10,0,1%3-5 days
71,20,5,2,1%6-10 days
82,11,4,3,1%11-14 days
85,7,5,3,0%Over 2 weeks
0 views
148 responses

What type of regular data testing do you conduct to detect potential tampering of business critical data? (Select all that apply)

46%Block-level encryption
56%File-level encryption
46%Data or metadata-level encryption
44%Retention policy tampering
42%Encryption key tampering
41%Unusually high changes in data volumes
4%None of the above
2%I don’t know
0 views
148 responses

If you get hit by ransomware, how concerned are you that you would lose data? (e.g. data loss since the last backup, data loss due to backup compromise, due to corrupt data backed up [aka garbage in, garbage out], lack of insights on which data is “clean” and can be trusted, etc).

14%Highly concerned
50%Concerned
32%Somewhat concerned
3%Not concerned at all - I am confident I will not lose any data at all if ransomware strikes
0 views
148 responses

In what percentage of non production environments (App dev/test, analytics, AI/ML/cloud migration) are you currently masking sensitive data (Like PII, PCI or PHI)?

9,7,25,33,18,3,5%Development
8,10,27,19,27,3,5%Testing
10,9,32,25,17,3,4%Analytics
14,18,29,23,9,2,5%AI/ML
12,6,32,18,23,3,6%Cloud migration
12,14,25,27,15,2,5%Application modernization
11,15,27,29,12,1,5%Integration testing
0 views
147 responses