Gartner Says Threat of New Ransomware Models is the Top Emerging Risk Facing Organizations

• Supply Chain Disruptions and Endemic COVID-19 Also in Top Five Risks in 3Q21

The threat of “new ransomware models” was the top concern facing executives in the third quarter of 2021, according to Gartner, Inc.’s latest Emerging Risks Monitor Report. Concerns about ransomware topped pandemic-related concerns, including supply chain disruptions, according to the survey of 294 senior executives across industry and geography.

“The negative impact of evolving ransomware attacks is seen as so severe by executives that it tops a notable list of risks related to an ongoing pandemic and the disruption of the global supply chain,” said Matt Shinkman, vice president with the Gartner Risk and Audit practice.

The risk of new ransomware models made its debut in the top five emerging risks in the third quarter as the previous quarter’s top risk, “cybersecurity control failures,” has matured into an established risk after consecutive quarters being tracked by the Emerging Risks Monitor Report. The remaining risks in the top five positions were all related to the pandemic and its implications for work (see Table 1).

The rise of new ransomware models as a top threat to organizations in many ways tracks the growth in popularity of cryptocurrencies that have strengthened the anonymity of attackers, while also providing new models to extort victim organizations. The ransomware business model has become more specialized and otherwise efficient, including “ransomware-as-a-service,” and demand for bitcoin payouts, resulting in a proliferation of attacks. The technology for the attacks themselves also evolves, with viruses that linger and infect backup systems, do not rely on phishing as a vector, harder-to-identify viruses such as “fileless” and “crypto-jacking” attacks.

“While new models of ransomware attacks are frightening in their own right, the consequences for organizations are even worse,” said Shinkman. “Prolonged operational delays, data loss and exposure, as well as the reputational damage that follows, present potential existential risks to an organization that executives are all too well aware of, especially if the attacks occur as a result of inadequate cybersecurity controls.”

Pandemic Risks Linger

As executives grapple with cybersecurity risks, disruptions from the threat of COVID-19 becoming endemic mount. Concerns related to talent, global supply chain disruptions, delays to returning to the office and implementation of vaccine mandates were all indicated as prominent risks by senior executives polled in 3Q21.

“The early calculus of how best to return employees to the office has been supplanted by a range of concerns around ongoing hybrid work disparity, a lack of effective training and development in such an environment and in many cases, historic levels of employee turnover,” Shinkman said. “Managing new working models in an ‘endemic COVID-19’ environment is clearly going to be a more difficult scenario than simply the ‘post-pandemic’ plans, which many executives were relying upon just a few months ago.”