Don't Be One of the 86% of Global Orgs That Paid Ransom Last Year

It is recovery, not prevention, where most cyber defenses still fail.

We are sitting at the intersection of cybersecurity and artificial intelligence in the enterprise, and there is much to know and do. Our goal is not just to keep you updated with the latest AI, cybersecurity, and other crucial tech trends and breakthroughs that may matter to you, but also to feed your curiosity.

Thanks for being part of our fantastic community!

 Did You Know - Reasoning for Rapid Recovery

  • Did you know that according to new research from Rubrik Zero Labs, 86% of organizations globally admitted to paying ransom demands following a cyberattack in the past year? (Source: CSO Online on Rubrik)

  • Did you know that in 2023, attackers targeted backup data in 93% of cyberattacks, successfully hindering recovery in 75% of these incidents? (Source: Veeam)

  • Did you know that 57% of backup compromise attempts were successful, impacting ransomware recovery operations across various sectors? (Source: Sophos)

  • Did you know that only 2% of organizations could recover data and restore business processes within 24 hours after a ransomware attack? (Source: Cohesity)

  • Did you know that 34% of organizations took more than a month to recover from a ransomware attack in 2023? (Source: Axios)

  • Did you know that in 2023, ransomware attacks rose by 73% globally compared to the previous year? (Source: StateScoop)

  • Did you know that in 2023, 67% of organizations paid their ransom using insurance? (Source: Sprinto)

  • Did you know that in 2023, the average downtime a company experienced after a ransomware attack was 24 days? (Source: Varonis)

Don't Be One of the 86% of Global Orgs That Paid Ransom Last Year

It is recovery, not prevention, where most defenses still fail.

Here are 7 ways you can rapidly improve your ransomware response capability:

  1. Develop/Update and Test Your Ransomware-Specific Incident Response Playbook: Don't just have a generic IR plan. Create a dedicated playbook specifically for ransomware scenarios. This should detail immediate steps: identifying affected systems, containment procedures (network isolation, endpoint disconnection), communication protocols, escalation paths, and roles/responsibilities.

    Rapid Improvement: Even a slightly outdated plan can be quickly reviewed, updated with current ransomware TTPs (Tactics, Techniques, and Procedures), and then tabletop tested within days or weeks to identify gaps.

  2. Rigorously Test Backup Integrity and Recovery Speed (Especially Offline/Immutable Backups): Backups are your lifeline. Knowing they exist isn't enough.

    Rapid Improvement: Schedule immediate, realistic recovery tests for critical systems from your offline or immutable backups. Time the process, document challenges, and verify data integrity post-recovery. This identifies critical flaws before an attack forces your hand and builds muscle memory for the recovery team.

  3. Implement and Drill Rapid Containment Strategies: The faster you contain ransomware, the less damage it does.

    Rapid Improvement: Ensure your security team has the authority and technical capability (e.g., scripts, EDR functions, network access control changes) to quickly isolate affected endpoints, user accounts, or network segments. Conduct drills specifically focused on speed of isolation without needing layers of approval in an emergency.

  4. Pre-establish Crisis Communication Channels and Stakeholder Lists: Chaos ensues when nobody knows who to contact or how.

    Rapid Improvement: Create and distribute an up-to-date emergency contact list including IT/Security, Legal, Executive Leadership, Communications/PR, Cyber Insurance provider, and potentially external incident response retainers. Establish out-of-band communication methods (e.g., personal phones, separate communication platforms) assuming primary networks are compromised.

  5. Formalize the Ransom Payment Decision-Making Process & Criteria: Deciding whether to pay is complex and time-sensitive.

    Rapid Improvement: Convene key stakeholders (Legal, Finance, CEO, CISO, potentially Board members, Insurance) now to discuss the organization's stance on paying ransom, understand legal implications (e.g., OFAC regulations), clarify insurance coverage requirements, and define the process and authority for making that decision before you're under duress.

  6. Ensure Emergency Access for Responders and Ready Offline Toolkits: Incident responders can't help if they're locked out or lack tools.

    Rapid Improvement: Verify that designated IR team members have necessary emergency administrative access (potentially via break-glass accounts) that works even if central authentication (like Active Directory) is compromised. Assemble and maintain offline toolkits (on USBs/laptops) with necessary forensic, analysis, containment, and recovery software.

  7. Tune Security Tools for Ransomware Indicators (IoCs & TTPs): Enhance your ability to detect ransomware activity early.

    Rapid Improvement: Review and update detection rules in your EDR (Endpoint Detection and Response), SIEM (Security Information and Event Management), Network Detection, and other security tools specifically looking for known ransomware IoCs (Indicators of Compromise) and common TTPs (like specific command-line executions, file extension changes, disabling security tools, lateral movement techniques). Prioritize Critical or Major alerts.
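As an added illustration of step 7 (not code from this newsletter or from any vendor's product), the sketch below flags one of the TTPs named above, a burst of file extension changes on a single host. The event tuple layout, host names, the ".enc_demo" suffix, and the 60-second / 20-file thresholds are all assumptions to be tuned against your own telemetry.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PurePosixPath


def detect_rename_bursts(events, window=timedelta(seconds=60), threshold=20):
    """Return {(host, new_ext): first_alert_time} for hosts that change
    `threshold` or more files to the same new extension within `window`."""
    recent = defaultdict(deque)  # (host, new_ext) -> timestamps still in window
    alerts = {}
    for ts, host, old, new in sorted(events):
        old_ext = PurePosixPath(old).suffix.lower()
        new_ext = PurePosixPath(new).suffix.lower()
        if not new_ext or new_ext == old_ext:
            continue  # a move or rename that keeps the extension is ignored
        key = (host, new_ext)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(key, ts)
    return alerts


def sample_events():
    """Constructed rename telemetry: (timestamp, host, old_path, new_path)."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    # Hypothetical host fs01: 25 files gain the made-up suffix ".enc_demo" in 25 s.
    for i in range(25):
        old = f"/share/finance/report_{i}.xlsx"
        events.append((base + timedelta(seconds=i), "fs01", old, old + ".enc_demo"))
    # Hypothetical host ws07: slow, benign .docx -> .pdf conversion, one per minute.
    for i in range(5):
        events.append((base + timedelta(minutes=i), "ws07",
                       f"/home/u/doc_{i}.docx", f"/home/u/doc_{i}.pdf"))
    return events


if __name__ == "__main__":
    for (host, ext), when in detect_rename_bursts(sample_events()).items():
        print(f"ALERT {when.isoformat()} {host}: burst of renames to {ext}")
```

Keying the window on the new extension rather than on a list of known-bad suffixes lets the rule fire on an extension it has never seen, while the slow benign conversion stays below the threshold.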

These seven potential actions focus on process refinement, testing existing capabilities, preparation, and configuration adjustments, making them achievable relatively quickly compared to major technology overhauls or large-scale architectural changes.
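For step 2, one way to "time the process" and "verify data integrity post-recovery" is to hash critical files before an incident and compare a test restore against that manifest. This is an added example, not part of the original newsletter; the file names, the 60-second RTO, and the copy used as a stand-in for the real restore job are constructed assumptions.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large restores do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest, restored_root, started, rto_seconds):
    """Compare a restored tree with the pre-incident manifest and the RTO."""
    restored = build_manifest(restored_root)
    missing = sorted(set(manifest) - set(restored))
    corrupt = sorted(k for k in manifest.keys() & restored.keys()
                     if manifest[k] != restored[k])
    elapsed = time.monotonic() - started
    return {"missing": missing, "corrupt": corrupt, "elapsed_s": elapsed,
            "integrity_ok": not (missing or corrupt),
            "within_rto": elapsed <= rto_seconds}

def run_drill(rto_seconds=60):
    """Constructed drill: the 'restore' is a copy with one file lost, one damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        source, restored = Path(tmp, "source"), Path(tmp, "restored")
        for name, data in {"app/config.ini": b"mode=prod\n",
                           "db/orders.csv": b"id,total\n1,9.50\n",
                           "db/users.csv": b"id,name\n1,alice\n"}.items():
            (source / name).parent.mkdir(parents=True, exist_ok=True)
            (source / name).write_bytes(data)
        manifest = build_manifest(source)      # taken before the incident
        started = time.monotonic()             # the recovery clock starts here
        shutil.copytree(source, restored)      # stand-in for the real restore job
        (restored / "db/orders.csv").unlink()  # simulated file lost in restore
        (restored / "app/config.ini").write_bytes(b"mode=")  # simulated truncation
        return verify_restore(manifest, restored, started, rto_seconds)

if __name__ == "__main__":
    print(run_drill())
```

In a real drill the manifest should be stored with the offline or immutable copy, so that an attacker who alters the backups cannot also alter the hashes they are checked against.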

AI Power Prompt

This prompt will assist leadership in determining which recovery actions they can take to ensure their organization has the ability to respond better to, and recover faster from, a ransomware attack.

#CONTEXT: Adopt the role of a cybersecurity resilience strategist specializing in business continuity planning and ransomware incident response. You will craft a detailed strategic prompt to assist executive leadership in determining and implementing critical recovery actions that enhance their organization's ability to respond more effectively and recover more rapidly from a ransomware attack. This includes identifying vulnerabilities, establishing robust response protocols, and integrating technical, organizational, and communication layers of resilience.

#GOAL: You will create a structured and actionable mega-prompt that helps leadership evaluate their current ransomware preparedness, close gaps in recovery capabilities, and build a resilient infrastructure that ensures operational continuity and protects stakeholder trust in the face of cyberattacks.

#RESPONSE GUIDELINES: Follow this step-by-step framework to develop the recovery-focused strategy:

  1. Assess current ransomware readiness:

    • Conduct a ransomware resilience audit assessing backup systems, network segmentation, incident response plans, and employee readiness.

    • Identify single points of failure and unprotected critical assets.

  2. Build a multi-layered defense-in-depth architecture:

    • Implement and test immutable backup solutions that are air-gapped and frequently updated.

    • Strengthen endpoint detection and response (EDR), network monitoring, and zero-trust access controls.

  3. Develop a comprehensive ransomware recovery playbook:

    • Include pre-attack checklists, response triggers, step-by-step containment protocols, and post-incident review processes.

    • Outline roles and responsibilities for IT, legal, communications, executive leadership, and external partners.

  4. Establish secure and redundant communication channels:

    • Plan for communication if primary systems are compromised.

    • Maintain offline contact trees and alternate decision-making protocols.

  5. Create legal and regulatory compliance response templates:

    • Prepare mandatory breach notification workflows, ransomware payment risk assessments, and documentation guidelines.

  6. Simulate realistic ransomware attack scenarios:

    • Run quarterly tabletop exercises with cross-functional teams.

    • Include simulations involving decision-making under pressure, ransom negotiations, and media fallout.

  7. Prioritize cyber insurance readiness and vendor alignment:

    • Review existing policies to ensure ransomware-specific clauses are adequate.

    • Vet third-party vendors for continuity planning and secure integration.

  8. Implement organization-wide training and awareness:

    • Provide phishing resilience simulations and rapid response drills.

    • Ensure executives and board members understand their specific response roles.

Examples to include:

  • A recovery timer metric (e.g. RTO/RPO) baseline for business-critical applications.

  • Post-ransomware recovery KPIs such as “mean time to detection,” “containment rate,” and “user downtime.”

  • Real-case scenarios where delayed communication escalated ransomware impact—and how revised plans prevented it next time.

#INFORMATION ABOUT ME:

  • My role: [YOUR ROLE]

  • My organization’s size and industry: [ORG SIZE AND INDUSTRY]

  • Current ransomware preparedness: [BASIC | INTERMEDIATE | ADVANCED]

  • Systems critical to business operations: [CORE SYSTEMS]

  • Backup strategy: [BACKUP STRATEGY DETAILS]

  • Board/Executive awareness level: [LOW | MEDIUM | HIGH]

  • Compliance requirements (HIPAA, SOX, PCI-DSS, etc.): [COMPLIANCE FRAMEWORKS]

  • Cyber insurance coverage: [YES/NO, COVERAGE LIMITS]

#OUTPUT: Provide a C-suite-ready strategic plan in concise bullet points organized by phase (preparation, detection, containment, eradication, recovery). Avoid technical jargon. Emphasize clarity, executive accountability, and timelines. Highlight which departments are responsible for each recovery action. Include a checklist of essential recovery elements and sample policy language for internal documentation.

You can follow me on X (formerly Twitter) @mclynd for more cybersecurity and AI.