Ransomware incidents are increasing 107% year-on-year globally, research by Accenture recently found.
New Zealand is just beginning to see the increase. Incidents reported to Cert NZ went up from 53 in 2020 to 90 in 2021, which could just be just the tip of the iceberg, according to Richard Harrison, Accenture's chief of cybersecurity NZ.
“Ransomware incidents are severe in nature, staking significant consequences on victims to extort as much from them as possible. When they're successful, we're likely to see those numbers rise," he says.
“Organisations wanting to ensure they are resilient to cyber-attacks need to treat them as more than just one-off security issues, instead acknowledging the threat to their business' goals.
“This shift in thinking of cyber-attacks from security problem to a business-led issue needs to change now if companies are going to avoid facing impacts to their reputation, or to the communities they exist for.
When target of an attack, New Zealand businesses who focus solely on technological impact before potential wider outcomes could face stalled productivity or collapse in customer confidence. Their technology leaders have a role to shifting attention towards business' goals when preparing for incidents.
Already, 72% of chief information security officers around the world are reporting to boards or executives to influence their organisation's cybersecurity resilience, Accenture's research revealed.
“IT leaders translating their concerns into risks to their business' aims will have the start of a meaningful conversation for navigating ransomware attacks as crises with their corporate leadership,” says Harrison.
“They'll be in an even better position if they have prepared a strategy with boards or executives that recognises how an incident could thwart their company's intentions towards achieving those goals," he says.
Part of the conversation for corporate leadership will be what flow-on consequences for their staff, revenue streams, and communities may play out.
“Our global research shows 20% of the costs associated with ransomware and extortion incidents are attributed to damage to brand reputation,” says Harrison.
“Security strategies being either too vague or too granular can be costly if they miss the important broader detail of a business' aspirations and environment it operates, guiding its steps towards mitigating adverse effects.
“Being able to factor in how hindered services will affect customers means those in charge can determine the best initial steps, like who to talk to and what to get back up and running," he says.
Harrison says the products and services businesses and customers rely on are increasingly digital, which means the landscape of risks for cyber-attacks will continue to grow.
“It's amazing how easy it is for cyber-criminals to get what they need for a ransomware attack relative to how expensive it is for a business to continuously invest in cybersecurity,” he says.
“A carefully considered investment that an organisation understands across all levels is incredibly worthwhile as it allows for a roadmap to deal with imminent threats from all corners of the digital world.