For instance, in April, Symantec released its 2016 Internet Security Threat Report, which found that ransomware increased by 35 percent in 2015. In particular, much of that increase has been in recent crypto-ransomware variants, which encrypt files on the victims' computers using strong encryption and then demand a ransom for decryption.
Ponemon's study found that 56 percent of organizations are not confident they could deal with a ransomware incident, and only 9 percent of respondents said they have considered under what circumstances they would pay to resolve a ransomware incident.
More reasons to worry
Other causes for concern from the study include the following:
- Of the 26 percent of organizations that don't practice their plan, 64 percent said the reason they don't practice it is that it's not a priority.
- Only 38 percent of companies surveyed said they have a data breach or cyber insurance policy. Of those that said they do not have a policy, 40 percent said they have no plans to purchase one.
- Only 46 percent of respondents have integrated response plans into their business continuity plans, and only 12 percent meet with law enforcement or state regulators in advance of an incident.
- Only 39 percent of organizations surveyed practice their plan at least twice a year.
"Investing in breach preparedness is like planning for a natural disaster," Bruemmer says. "You hope it will never happen, but just in case, you invest time and resources in a plan so your company can survive the storm."