A survey of 750 CISOs in the US and UK paints a sobering picture of the current ransomware landscape. Not a single company surveyed managed a full recovery within 24 hours of a ransomware attack. The average recovery time is five days, with some cases stretching to two weeks.
Endpoints as the Primary Entry Point
57 percent of the CISOs surveyed reported that the most recent serious attack on their organization started at a mobile, remote, or hybrid endpoint. 55 percent said their company had experienced a security incident in the past twelve months that took endpoint devices offline.
The spread of remote and hybrid work has significantly expanded the attack surface for many organizations. Devices outside the traditional corporate network are harder to monitor and often run without built-in resilience and protection mechanisms.
AI Accelerates Attacks, RaaS Lowers the Bar
Ransomware-as-a-Service has dramatically lowered the barriers to entry for attackers. Operators provide malware, infrastructure, and negotiation services, while affiliate actors carry out the attacks and split the proceeds. At the same time, attackers are increasingly using AI to scale phishing campaigns, automate vulnerability discovery, and develop malware that evades signature-based defenses.
Pay or Not Pay?
58 percent of the CISOs surveyed are considering paying the ransom if attacked. 46 percent see operational disruptions as the most severe potential consequence. Double and triple extortion tactics, combining data encryption with data theft and DDoS attacks against customers or partners, are making a pure backup restore increasingly insufficient as a response.
According to the study, the most resilient organizations focus not primarily on prevention, but on operational resilience: the ability to absorb attacks, limit downtime, and restore critical systems quickly.