By Barry O’Connell

No security threat demoralises or debilitates organisations quite like ransomware. 

According to Cybersecurity Ventures, global ransomware damage costs were predicted to reach $20 billion annually in 2021, up from $325 million in 2015. In eight years from now, the costs will exceed $265 billion. 

With such predictions, businesses are rightfully concerned about how much ransomware could cost them in the coming years. However, protecting against it shouldn’t cost the earth. 

Switching tactics

Cybersecurity strategies have changed in recent years. With the industry broadly accepting that suffering a data breach is more of a “when not if” situation, many businesses are focused not only on prevention but also preparation and response. 

With such a switch in mentality, businesses assume they will need more work, more resources, and inevitably, incur more costs. Although that may be the case in the first instance, if businesses are clever in the way they set up their cybersecurity strategy, they can save money in the long run.

It’s vital that going forward there is greater focus on balancing the overall return on investment (ROI) and level of risk an organization’s cybersecurity strategy presents. 

Reassessing priorities and getting ROI 

Although security strategies have evolved, many organisations over-rely on technology products to meet their cybersecurity needs. While products and solutions, of course, have their place, businesses need to strike a balance between technology, people, and processes – ideally with technology acting as an underlying factor to support the other two.

No organisation will ever be 100% secure, but those who fare the best have an internal culture that supports and takes an offensive approach to security, makes it everyone’s responsibility, and proactively and effectively communicates on the subject with its board, C-level, and employees.

In addition to this, by increasing security maturity and measuring themselves on an evolving scale, rather than asking the black-and-white question “are we secure or are we not”, businesses will naturally make strategic, as well as operational, decisions and related investments. This promotes a focus on improvement and on where money is going (versus solely having the latest and greatest platform on the market and hoping it provides the protection the business is looking for).

Ensuring ROI means focusing on security posture overall. Businesses want to be sure they have a tolerable level of risk, they are resilient to attacks such as ransomware, and their reputation remains intact. 

Businesses can’t control everything, so prioritising key assets is the best approach. This means working out what within the business is likely to be most at risk – for example: customer data, innovation documentation or patents, and employee personally identifiable information (PII) – and ensuring the appropriate people, processes, and technology surround it and are fully resourced.

What’s more, taking preventative measures as well as continuously monitoring, testing, and adapting security approaches based on shifting priorities or business goals should be something every organisation is doing to build their security maturity and ensure ROI.

5 key measures to mitigate the ransomware threat

No company is off limits and there is no foolproof method of keeping ransomware out of the business environment. But there are common-sense steps organisations can take to make themselves a less likely target – or at least one that rebounds much quicker than others in the event of an attack.

First, run penetration testing (pen testing for short) and ensure vulnerability assessments are being undertaken. It’s not possible to protect what can’t be seen, and without carrying out a thorough pen test, organisations can’t be sure what is connecting to their network, what vulnerabilities are going unmanaged, or what the priority assets are.

Modern organisations often span multiple networks, locations, clouds, etc., making it difficult to maintain a consistent vulnerability management program across all of those environments. As such, it’s vital that pen tests are carried out regularly and that security policies shift accordingly.

Second, get a handle on phishing attacks. Verizon’s 2023 DBIR found that 36% of all data breaches involved phishing of some sort. What’s more, such attacks are often the first step in a ransomware campaign, as cybercriminals can leverage phishing tactics to deploy their malicious payloads or collect credentials to be used later down the line.

Third, recognise that mitigating phishing attacks is not as simple as deploying one email security solution. Every organisation that has been a victim of a successful email-initiated ransomware attack had an email security solution. Instead, layering email security solutions is a very cost-effective way of reducing the volume of phishing attacks. Training employees to decrease the likelihood of them falling for a phishing email and clicking on a malicious link also bolsters email security technology.

Fourth, deploy a detection solution to keep up to date with the latest threats. These types of solutions use artificial intelligence and machine learning to detect indicators of compromise and indicators of behaviour in a business’ environment, notify security teams of any malicious activity, and give them time to respond accordingly.

The majority of companies providing such solutions also share threat intelligence with their customers based on what they’re seeing in the industry or broader threat landscape. However, these solutions are complex and require 24×7 vigilance to be effective. This is another strategic ROI inflection point. Is investing in a partner to provide this capability more cost effective than building it internally? 

Fifth, yet no less important, draft and refer to an incident preparation and response plan. Every organisation should assume they will be targeted by a ransomware attack. As such, they need to create a plan they can use to respond to the full life cycle of an attack. This can help mitigate and lessen the financial and reputational damage that comes with breaches and attacks.

Security practitioners should work with the organisation’s C-level executives to answer questions and develop a ransomware protection plan, considering how ransomware is prevented and detected, and how the organisation should respond when it happens.

The plan itself should ask and answer a series of questions: is there a robust data backup and retrieval plan, how will the ransomware be contained, how will affected systems be identified, is appropriate cyber insurance in place, is negotiating with the attacker or paying the ransom on the table, and which external resources are needed to respond?

It’s always easy to go for the shiny “silver bullet” solution when it comes to protecting against ransomware. However, no one solution can mitigate every threat. Instead, organisations need to take sensible steps and actions to protect their environment, adapt to their overall business goals, and ensure they’re getting ROI on their security strategy.

As previously mentioned, no business will be 100% secure, but by investing in the right people, processes, and technologies, and by having a solid incident response plan, business leaders and security teams can sleep at night knowing they’ve done everything they can to limit the cost and devastation a ransomware attack can bring.

About the Author

Barry O’Connell is the General Manager of EMEA regions at Trustwave. Barry has spent more than 20 years leading digital transformation and cybersecurity organizations. He has extensive experience driving multi-million-dollar businesses throughout Europe and the United States. Most recently, Barry was EMEA General Manager at DXC. Previously he held a number of executive leadership roles at HPE in areas such as strategic alliances, managed security services and operations.