# Opener

New Axio Research Illustrates Organizations Lack Basic Cybersecurity Practices, Significantly Increasing Ransomware Exposure

Published by Axio

Axio’s 2022 State of Ransomware Preparedness Report reveals only 30% of organizations have a ransomware-specific playbook for incident management in place

NEW YORK, October 12, 2022Axio, the leader in cyber risk management software, today released its 2022 State of Ransomware Preparedness research report. Although notable improvements have been made since Axio’s 2021 report, organizational ransomware preparedness continues to be insufficient to keep pace with new attack vectors. The report reveals that the lack of fundamental cybersecurity practices and controls, including critical vulnerability patching and employee cybersecurity training, continues to undermine organizational attempts to improve ransomware defenses.

“Ransomware continues to wreak havoc on global organizations, regardless of size or industry,” remarked the report’s co-author David White, President and Co-Founder of Axio. “And the results of our 2022 analysis confirm that success in ransomware intrusion and organizational impact continues to be impeded by the failure to implement and institutionalize the most fundamental cybersecurity practices. As the number of attacks will most likely continue on an exponential trajectory, it’s more important than ever for companies to re-evaluate their cybersecurity practices and make the needed improvements to help combat these attacks.”

The report identifies several emerging patterns that yield insights into why organizations are increasingly susceptible to ransomware attacks. In 2021, seven key areas where organizations were deficient in implementing and sustaining basic cybersecurity practices were identified, and these patterns dominated the 2022 study results as well:

  1. Managing privileged access
  2. Improving basic cyber hygiene
  3. Reducing exposure to supply chain and third-party risk
  4. Monitoring and defending networks
  5. Managing ransomware incidents
  6. Identifying and addressing vulnerabilities in a timely manner
  7. Improving cybersecurity training and awareness

Overall, most organizations surveyed are not adequately prepared to manage the risk associated with a ransomware attack. Key data findings include:

  • The number of organizations with a functional privileged access management solution in place increased by 10% but remains low at 33% overall.
  • Limitations on the use of service and local administrator accounts remain average overall, with nearly 50% of organizations reporting implementing these practices.
  • Approximately 40% of organizations monitor third-party network access, evaluate third-party cybersecurity posture, and limit the use of third-party software.
  • Less than 50% of respondents implement basic network segmentation and only 40% monitor for anomalous connections.
  • Critical vulnerability patching within 24 hours was reported by only 24% of organizations.
  • A ransomware-specific playbook for incident management is in place for only 30% of organizations.
  • Active phishing training has improved but is still not practiced by 40% of organizations.

To learn more, please download a complimentary copy of the report.

About Axio
Axio is the leader in SaaS-based cyber management software, which empowers security leaders to build and optimize security programs and quantify risk in financial terms. Axio360 is the only cyber risk management platform to align security leaders, business leaders, and Boards of Directors around a single source of truth about their most critical corporate risks. Since 2016, Axio has been a trusted partner to many of the world’s leading critical infrastructure, energy, manufacturing, and financial services companies, helping drive better visibility and decision-making about cybersecurity priorities and investments. For more information, visit axio.com


Media Contacts

Alexandra Pony
Silver Jacket Communications for Axio
[email protected]