How to cope with cyber extortion from ransomware

A computer board, illustrating the dangers of ransomware

Ransomware is a growing threat to companies. Image: Adi Goldstein/Unsplash

Jason Lee
Chief Information Security Officer, Splunk
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:

Tech and Innovation

  • There is now a pressing need for more effective ways to deal with ransomware and extortion attempts to protect our digital systems and data.
  • When confronted with a ransomware attack, many organizations are willing to make substantial payments to regain access to their data and systems.
  • In the face of evolving cyber threats, such as ransomware, organizations worldwide must adapt and fortify their defences.

In today’s digital landscape, we face an ongoing and increasingly serious problem – the ever-present threat of cyberattacks. Among these digital threats, ransomware, though not a new issue, has grown into a significant challenge for organizations around the world. In the wake of cyber incidents, such as this year’s MOVEit attacks, there is now a pressing need for more effective ways to deal with ransomware and extortion attempts to protect our digital systems and data.

According to Splunk’s 2023 CISO Report, 90% of cybersecurity leaders disclosed that their organizations fell victim to at least one disruptive cyberattack in the past year. Even more striking, 83% of organizations resorted to paying ransoms in the aftermath of a ransomware attack, whether directly, through cyber insurance, or via third-party negotiators. Notably, more than half of these ransom payments exceeded $100,000.

Ransomeware remediation
Ransomeware remediation Image: Splunk

How is the Forum tackling global cybersecurity challenges?

Organizations are paying ransoms

These figures underscore a harsh reality: when confronted with a ransomware attack, many organizations are willing to make substantial payments to regain access to their data and systems. Although 69% of CISOs acknowledge that paying a ransom might expose them to future legal ramifications, the immediate threat of ransomware forces their hand, according to the same CISO Report. What’s even worse is that some organizations find themselves unable to fully recover their capabilities even after paying the ransom. Even cyber insurance, a valuable resource, can fall short of providing full reimbursement.

This alarming trend has led organizations to understand the need for maintaining offline, regularly-tested, segregated backups. This tactic can serve as a crucial defence against the debilitating consequences of ransomware attacks. Boards and governing bodies are closely monitoring the threat of ransomware, with 78% of CISOs reporting creating their own dedicated board-level cybersecurity committees.

Have you read?

Threat actors growing more sophisticated

These threats and the adversaries behind them will only continue to advance. As such, we’ve seen cyber attacks undergo a dangerous shift into extortion territory as threat actors grow more sophisticated. These threats have come to be known as the act of extortion by cyber criminals where ransomware serves as a tool. It’s critical for organizations to understand how ransomware has evolved into extortion, as well as how to mitigate the continued advancement of these threats.

The advancement of these threats and the willingness of organizations to pay a ransom signals a pressing need for a profound shift in cybersecurity strategy. Organizations must transition from a reactive stance to a proactive one, characterized by the development of digital resilience – the ability to keep systems secure and reliable in the face of digital disruptions.

Organizations can do this by empowering their security teams to be proactive, working collaboratively to detect and predict issues, identify root causes, assess risk and remediate threats quickly, accurately and at scale. A proactive approach entails integrating security and IT safeguards into the engineering process from the outset.

It's time to be cyber-resilient

Digitally resilient organizations not only address problems when they arise; they also prevent incidents from escalating into major crises. They recover swiftly from digital disruptions and adapt rapidly to seize new opportunities. This shift towards digital resilience is essential for reducing the impact of ransomware attacks and other cyber threats.

In the fight against extortion, ransomware and other cyber threats, the concept of 'time to contain' becomes a pivotal metric for digitally resilient businesses. The longer an attacker remains undetected within an organization’s network, the more damage they can inflict. The average dwell time for cyber attacks is a staggering 2.24 months, equivalent to about nine weeks. This prolonged period provides attackers with ample opportunity to steal sensitive data, disrupt operations or inflict other harm.

By lowering 'time to contain', organizations can more quickly challenge the attacker within the network. Organizations should strive to reduce 'time to contain' as part of their security strategy. To achieve this, they can leverage advanced security tools and practices that enable real-time threat detection and rapid incident response. The focus should be on early threat identification, swift containment and minimizing the attacker’s dwell time within the network. This approach, combined with proactive digital resilience measures, can significantly enhance an organization’s ability to withstand cyber threats, including ransomware.

The prevalence of extortion and ransomware attacks, and the alarming trend of organizations paying ransomware, underscore the urgent need for a proactive shift towards cyber resilience. In an increasingly digital world, the cost of being just reactive is too high, organizations must take proactive steps to protect their data and operations.

The path forward involves building digital resilience, ensuring that systems remain secure and reliable despite digital disruptions. It’s a challenging journey that requires coordination, investment in the right tools and a steadfast commitment to proactive cybersecurity practices. In the face of evolving cyber threats, such as ransomware, we must adapt and fortify our defences. Organizations must adopt a proactive approach to security that can ultimately help safeguard the digital foundations on which our modern world relies.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

Tinder Swindler: How 'romance fraud' became a multi-billion dollar cybercrime

Robin Pomeroy and Sophia Akram

May 24, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum