Gartner: Threat of New Ransomware Models is Top Emerging Risk

October 21, 2021

Supply Chain Disruptions and Endemic COVID-19 Also in Top Five Risks in 3Q21

The threat of “new ransomware models” was the top concern facing executives in the third quarter of 2021, according to Gartner, Inc.’s latest Emerging Risks Monitor Report. Concerns about ransomware topped pandemic-related concerns, including supply chain disruptions, according to the survey of 294 senior executives across industry and geography.

“The negative impact of evolving ransomware attacks is seen as so severe by executives that it tops a notable list of risks related to an ongoing pandemic and the disruption of the global supply chain,” said Matt Shinkman, vice president with the Gartner Risk and Audit practice.

The risk of new ransomware models made its debut in the top five emerging risks in the third quarter as the previous quarter’s top risk, “cybersecurity control failures,” has matured into an established risk after consecutive quarters being tracked by the Emerging Risks Monitor Report. The remaining risks in the top five positions were all related to the pandemic and its implications for work (see Table 1).

The rise of new ransomware models as a top threat to organizations in many ways tracks the growth in popularity of cryptocurrencies that have strengthened the anonymity of attackers, while also providing new models to extort victim organizations. The ransomware business model has become more specialized and otherwise efficient, including “ransomware-as-a-service,” and demand for bitcoin payouts, resulting in a proliferation of attacks. The technology for the attacks themselves also evolves, with viruses that linger and infect backup systems, do not rely on phishing as a vector, harder-to-identify viruses such as “fileless” and “crypto-jacking” attacks.

“While new models of ransomware attacks are frightening in their own right, the consequences for organizations are even worse,” said Shinkman. “Prolonged operational delays, data loss and exposure, as well as the reputational damage that follows, present potential existential risks to an organization that executives are all too well aware of, especially if the attacks occur as a result of inadequate cybersecurity controls.”

Rajeev Gupta, Co-founder & Chief Product Officer at Cowbell Cyber explained, "It's not a surprise that the ransomware threat has emerged as the top concern for the executives. Bad actors are capitalizing on the perfect opportunity created by the businesses' need to go digital as a result of remote workforce / customers, and growth of cryptocurrencies.  At Cowbell, we are seeing an exponential increase in the demand for cyber insurance. As a result, the entire dynamic has changed from 'Do I need Cyber Insurance?' to 'Can I get Cyber Insurance?'"

Pandemic Risks Linger

As executives grapple with cybersecurity risks, disruptions from the threat of COVID-19 becoming endemic mount. Concerns related to talent, global supply chain disruptions, delays to returning to the office and implementation of vaccine mandates were all indicated as prominent risks by senior executives polled in 3Q21.

“The early calculus of how best to return employees to the office has been supplanted by a range of concerns around ongoing hybrid work disparity, a lack of effective training and development in such an environment and in many cases, historic levels of employee turnover,” Shinkman said. “Managing new working models in an ‘endemic COVID-19’ environment is clearly going to be a more difficult scenario than simply the ‘post-pandemic’ plans, which many executives were relying upon just a few months ago.”

Terms of Use | Copyright © 2002 - 2021 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement