ransomware prevention strategy red lock
Image: JustSuper/Adobe Stock

There is no denying the impact of ransomware attacks inside organizations is massive — and yet, protection strategies are not adequate. A newly released study confirms this with findings that only 20% of respondents are satisfied with their data protection and ransomware strategies, and alarmingly, more than one-third of respondents (37%) do not have a strategy in place that focuses on recovery.

SEE: Mobile device security policy (TechRepublic Premium)

The survey, conducted by Zerto at VMware Explore 2022 in San Francisco, finds that organizations either have a sole focus on prevention or no formalized strategy in place yet (8.7%), and two-thirds of respondents deemed their strategy in need of further examination.

The shift to the cloud for disaster recovery

The report revealed that nearly three-quarters (74%) of respondents are using cloud as part of their disaster recovery and data protection strategy, which points to the importance of security in the cloud, Zerto said.

In addition to these latest findings, a recent IDC report sponsored by Zerto indicated that more than 80% of new applications will be deployed in the cloud or at the edge. Most cloud applications will be either software as a service or cloud-native containerized applications. SaaS application data, in particular, can create a data management gap.

Because of this move to the cloud, IDC has predicted that by 2025, 55% of organizations will have shifted to a cloud-centric data protection strategy.

“Although data will continue to be protected at the core, in the cloud, and at the edge, we believe that enterprise data protection and DR will be managed from the cloud,’’ the IDC report said.

Meanwhile, data indicating that “backup reliability and restore reliability are the top challenges to backup/recovery is rather damning,” the report said. “One would presume that modernizing these systems would be a priority.”

When IDC asked respondents about their top technology deployment priorities in the next 12 months, cloud-native apps was number one (29%), but it was followed by hybrid cloud backup (28%), hybrid cloud archive (27%) and cloud-based disaster recovery as a service (DRaaS) (27%).

The lack of focus on recovery endangers business operations

The impact of ransomware attacks results in areas including employee overtime, lost employee productivity, the direct cost of recovery from engaging consultants and specialists, and unrecoverable data, the Zerto report noted. There are even more significant impacts like lost revenue, damaged company reputation and permanent loss of customers.

“That is why cyber threats are part of most businesses’ high-level strategy,’’ the report said. “However, the way in which organizations prepare to combat those threats varies. Only half of the companies surveyed focus on both recovery and prevention. This indicates that a holistic view is far from the norm amongst those surveyed.”

The stats from the report are alarming because as ransomware actors become more capable of impounding data, businesses will suffer if they can’t get back up and running immediately on their own behalf, Zerto said.

Creating a more holistic ransomware strategy

With proper recovery strategies, companies can combat ransomware, but not all have a formalized recovery strategy in place, and the Zerto research found that companies are reevaluating their data protection and cyber resilience strategies.

The fact that two-thirds of respondents indicated they are reviewing the strategy they have in place may signal that prevention is not enough and that legacy data protection is failing.

“As companies reevaluate their strategies, those that haven’t yet put a focus on recovery will benefit by leaning in the direction of continuous data protection, which offers a continuous stream of recovery checkpoints that allow them to rewind to a time within seconds prior to an attack,” the report said.

In a time where cyber threats are relentless, strategies to combat attacks can’t remain idle, and they must be multidimensional, said Caroline Seymour, vice president of product marketing at Zerto, in a statement.

“Cyber attackers have proven that they can breach fortified security structures, so companies need a plan in place for what to do once bad actors are in,” Seymour said.

If the goal is to keep the business running and operating, a recovery strategy is required, Seymour noted. She added that “it’s positive that many companies have multifaceted strategies in place, but completely protecting the business requires recovery capabilities.”

Most companies correctly start the process by building a robust prevention strategy focused on thwarting attacks, the report said. As attacks become more sophisticated and capable of breaching prevention security, a key part of a modern, multi-layered approach is to prioritize recovery.

If your organization needs guidance on creating a ransomware recovery strategy, the experts at TechRepublic Premium have put together a comprehensive ebook for IT leaders responding to the aftermath of a cyberattack.


Zerto’s research team surveyed 220 people in person at VMware Explore in San Francisco, from Aug. 29-31, 2022. All were attendees of the VMware Explore conference and respondents were primarily end users and service providers (92%). Across those groups, 87% of respondents had experience working with corporate IT. All data was collected in a span of three days. Responses were recorded anonymously, but company and job/title information was collected.

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday