In recent discussions with leading European CISOs about the current surge in ransomware attacks, a recurring theme emerged: both the retail sector and critical national infrastructure are increasingly targeted by cybercriminals, including foreign state-sponsored actors. High-profile breaches such as the one suffered by Marks and Spencer showed how sophisticated ransomware tactics can incapacitate a large organization and leave customer data at risk for months. Similarly, attacks on infrastructure providers and energy networks demonstrate the potential for disruptions with national security implications.
CISOs also highlight that the growing diversity of data complicates security efforts: unstructured data, IoT systems, AI and machine learning models and algorithms, and industrial control systems each need to be protected in their own way. As the volume and types of information expand, so do the challenges in securing sensitive and operational data effectively. These incidents and trends underscore the urgent need for strategic, resilient defenses against ransomware and other cyber threats.
Assessing the Ransom Demands Versus Potential Losses
CISOs also describe the complex calculus involved in deciding whether to pay a ransom demand. Some argue that, in certain cases, paying between $80 million and $100 million might be justified if it prevents far greater losses: for an enterprise, a global organization or a critical national infrastructure operator, a single ransomware incident can cause operational disruption whose cost far outweighs the ransom. The immediate costs of downtime, loss of data, reputational damage, regulatory fines and recovery efforts often dwarf the payment, which some then view as a strategic investment to minimize overall damage.
However, many CISOs also note that paying is fraught with problems: it funds and encourages criminal enterprises, offers no certainty that data will be recovered or that stolen copies will be deleted, and carries legal risk, including regulatory penalties where payments are prohibited by law or where the recipient is a sanctioned entity. Refusing to pay carries its own risks: prolonged operational paralysis, the possibility of further attacks, and even political or diplomatic disputes if the attackers are linked to a foreign state. Some CISOs therefore suggest that, in certain scenarios, paying might be the lesser of two evils, especially when the cost of inaction could run into hundreds of millions of dollars.
The Case Against Paying Ransom
Risks of Pulling Systems Offline and Operational Chaos
CISOs emphasize that shutting down compromised systems to contain an attack can cause significant operational downtime, directly affecting customers and revenue. Disconnecting affected systems can stop lateral movement and data exfiltration, but it can also make recovery more complex, particularly if backups are outdated or were themselves reachable from the compromised environment and encrypted alongside production data. Restoring services is painstaking and requires meticulous planning, backups that are kept offline or immutable and are tested by actually restoring from them, and investment in resilient recovery strategies.
Timing and Swift Response
Early detection remains crucial; quick action limits how much data is encrypted or exfiltrated. Every hour of delay tends to widen the compromise and to add operational and reputational cost.
Reputational and Regulatory Considerations
Transparency with stakeholders, regulators and customers is essential. CISOs advise that mishandled or delayed breach disclosures can lead to regulatory fines (under the GDPR, for example, a personal data breach must normally be reported to the supervisory authority within 72 hours of the organization becoming aware of it), erode customer trust and cause long-term damage to brand reputation. Open, honest communication can sometimes mitigate these effects.
Best Practices Recommended by CISOs
Concluding Insights from CISOs
There is no universal approach; effective responses are context-dependent. A comprehensive, balanced strategy prioritizes prevention, rapid detection, and well-rehearsed recovery plans. Decisions about ransom payments should involve legal, security, and executive teams, carefully weighing immediate operational needs against the long-term strategic risks—especially in complex geopolitical environments.
How ShardSecure Supports Ransomware Resilience
CISOs recognize the value of innovative solutions like ShardSecure. Its architecture segregates, encrypts and distributes data across multiple secure shards, so that an attacker who reaches one storage location obtains nothing meaningful and cannot access or encrypt usable data without access to the entire system, which blunts the ransom demand. Its self-healing technology detects tampering with or corruption of individual shards and automatically initiates recovery, preserving data integrity and operational continuity even during an attack. This proactive approach makes downtime and extortion attempts less effective and supports ongoing business operations with confidence. ShardSecure's agentless encryption technology is also frictionless: it has no impact on users or system performance and requires no heavy lifting from SOC teams to deploy.
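To make the "self-healing shards" idea concrete, here is an added illustration. It is my own toy code, not ShardSecure's implementation (the page does not describe its internals): an object is split into fixed-size shards, each shard is written to two replicas together with an HMAC-SHA256 integrity tag over the object name, shard index and bytes, and a read verifies every replica, rebuilds the object from an intact copy and overwrites any replica whose tag fails. Encryption of the shards is left out to keep the example to the Python standard library; a real system would also encrypt each shard and keep the tag key away from the storage hosts. The object name, shard size and the `corrupt` helper (which stands in for ransomware overwriting one replica's copy) are assumptions for the demonstration.

```python
import hashlib
import hmac


class IntegrityError(Exception):
    """Raised when no intact replica of a shard survives."""


class ShardStore:
    """Toy sharded object store with integrity tags and self-repair.

    Hypothetical illustration of the general idea, not ShardSecure's design.
    replicas[i] maps (object id, shard index) -> (shard bytes, HMAC tag).
    """

    def __init__(self, key: bytes, shard_size: int = 16, replicas: int = 2):
        self.key = key            # MAC key; in practice held outside the storage tier
        self.shard_size = shard_size
        self.replicas = [dict() for _ in range(replicas)]
        self.shard_counts = {}    # object id -> number of shards

    def _tag(self, obj_id: str, idx: int, chunk: bytes) -> bytes:
        # Binding id and index into the MAC stops a tagged shard being
        # replayed into another object or position.
        msg = obj_id.encode() + idx.to_bytes(4, "big") + chunk
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def put(self, obj_id: str, data: bytes) -> int:
        """Split data into shards, tag each and write it to every replica."""
        chunks = [data[i:i + self.shard_size]
                  for i in range(0, len(data), self.shard_size)] or [b""]
        for idx, chunk in enumerate(chunks):
            record = (chunk, self._tag(obj_id, idx, chunk))
            for rep in self.replicas:
                rep[(obj_id, idx)] = record
        self.shard_counts[obj_id] = len(chunks)
        return len(chunks)

    def corrupt(self, replica: int, obj_id: str, idx: int) -> None:
        """Simulate ransomware overwriting one replica's copy of a shard
        (the attacker cannot recompute the tag without the key)."""
        chunk, tag = self.replicas[replica][(obj_id, idx)]
        self.replicas[replica][(obj_id, idx)] = (b"\xff" * len(chunk), tag)

    def get(self, obj_id: str):
        """Return (data, repairs); repairs lists (shard index, replica) healed."""
        out, repairs = [], []
        for idx in range(self.shard_counts[obj_id]):
            intact = None
            for rep in self.replicas:
                chunk, tag = rep[(obj_id, idx)]
                if hmac.compare_digest(tag, self._tag(obj_id, idx, chunk)):
                    intact = (chunk, tag)
                    break
            if intact is None:
                # Every replica of this shard was tampered with: nothing to heal from.
                raise IntegrityError(f"{obj_id} shard {idx}: no intact replica")
            for r, rep in enumerate(self.replicas):
                if rep[(obj_id, idx)] != intact:
                    rep[(obj_id, idx)] = intact   # self-heal the bad replica
                    repairs.append((idx, r))
            out.append(intact[0])
        return b"".join(out), repairs


if __name__ == "__main__":
    # Constructed sample data, not real records.
    store = ShardStore(key=b"k" * 32, shard_size=8)
    store.put("orders", b"customer-records: alice,bob,carol,dave")
    store.corrupt(0, "orders", 1)
    store.corrupt(1, "orders", 3)
    data, repairs = store.get("orders")
    print(data, repairs)
```

The caveat the example makes visible: healing works only while at least one replica of every shard is intact, so the replicas must live in separately administered locations with separate credentials. If ransomware can overwrite both copies, `get` raises `IntegrityError` and you are back to restoring from backups.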
If you are keen to win the ransomware war, why not request a demo? https://go.shardsecure.com/schedule-a-demo