Ransomware attacks are now inevitable, with incidents of cybercriminals encrypting critical business data and demanding payments for the key, increasing 282% in the second half of 2020 compared with the first half, and a further 14% in the first six months of 2021. In all likelihood, if your company is connected to the internet, it will at some point become the target of a ransomware attack. That’s the bad news.

And while the impact of a ransomware can be devastating, the good news is that there are measures you can and should take to ensure that your organization is as resilient as possible in the face of such attacks conducted by highly resourced and well-organized professional cybercriminal groups.

Resilience is the most important goal because that is the approach that will ensure that even if your company is hit by a ransomware attack, the impact will be limited. Resilience, above all, is about either keeping your business running or getting your business up and running again as quickly as possible, and learning from the experience to improve your cybersecurity functions to mitigate the impact of future attacks.

Resilience is paramount, but requires careful preparation to put in place all the systems and processes necessary to deliver the best possible protection, effective responses, and fast and efficient recovery.

Addressing ransomware and other cyber threats through greater resilience is one of the key topics at KuppingerCole’s 2021 Cyber Security Leadership Summit (CSLS) taking place this week, with one of the pre-conference workshops today entitled Your Path to Ransomware Resilience.

Ransomware is also a topic for one of the exclusive on-site only CISO roundtable discussions at CSLS, as well as a panel discussion tomorrow on Ransomware Attacks and Their Impact on Companies, and presentations on Thursday on Why 20ms Is the New Ransomware Prevention Benchmark, What Happens When the Tech Stops?, AI’s Two-Faced Relationship With Ransomware, Ransomware – True Consequences to Business, Ransomware in Focus, Fighting the Ransomware Storm.

In the best case scenario, organizations are prepared for ransomware attacks. The have the necessary backups, strategies, incident response processes, business continuity processes to not only raise the level of security, but also to enable the business to continue to function despite being targeted.

— Christopher Schütze, Cybersecurity Lead at KuppingerCole

Because we understand how important resilience is in the face of ransomware and other cyber-attacks, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content available in a variety of formats.

This includes webinars such as the one scheduled for December 7 on Lessons From a Journey Into a Real-World Ransomware Attack. Register today for free to take part in this informative discussion.


For some high-level orientation to the topic of resilience, have a look at our Insight on Business Resilience – A Strategic Approach to Business Continuity, and then because preparation is essential and ensuring that everyone knows what to do can significantly reduce the impact of a cybersecurity incident such as a ransomware attack, have a look at this Leadership Brief on Incident Response Management.

As with most cyber threats, when it comes to ransomware attacks, a multi-layered defense is the best strategy. For some high-level recommendations, have a look at this Leadership Brief on Defending Against Ransomware.

Effective response capabilities are an important part of ransomware defense. For a perspective on some of the technologies used to support response processes, have a look at these Leadership Briefs on The Differences Between Endpoint Protection (EPP) and Endpoint Detection & Response (EDR) and Do I Need Endpoint Detecton & Response (EDR)?


Ransomware attacks are a prime example of where business continuity and security need to be closely aligned. For some recommendations on how to achieve closer alignment and integration between business continuity and cyber security teams, have a look at this Advisory Note on Business Continuity in the age of Cyber Attacks. For a specific analysis of the concept of ransomware and some concrete advice on what to do if hit by ransomware, have a look at this advisory note on Understanding and Countering Ransomware.

Audio & Video

If you would prefer to hear ransomware resilience advice directly from our analysts, listen to these Analyst Chats on Protecting Your Organization Against RansomwareIncident Response Management, and Ensuring Business Continuity for the Cloud.

For an interesting and informative journey through an actual ransomware attack to gain insights into the methods used by ransomware attackers and ways of preventing them from succeeding, have a look at this presentation entitled: From Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack.

KuppingerCole also has several other video presentations related to resilience and ransomware. Review the list below and choose those that best match your interests:


For a concise perspective from our analysts on ransomware resilience, have a look at these blog posts on Preparation is Key: Where Prevention Ends, and Business Continuity and Incident Response Management Begins and Don’t Fall Victim to Ransomware.

Other ransomware-related topics are covered in these blog posts on When Are We Finally Going to Do Something About Ransomware?, The Evolution of Endpoint Security: Beyond Anti-Malware, Cybersecurity of Tomorrow: Delivered Entirely From the Cloud, and Cybersecurity Awareness – Are We Doing Enough?


Good network visibility can help mitigate security threats like ransomware. To find out more, have a look at this webinar entitled: Zero Trust Means Zero Blind Spots, and for more information on how to deal with challenges such as the rise in ransomware attacks targeting Active Directory, have a look at this webinar on Active Directory Disaster Recovery.

Tech Investment

If you are interested in investing in ransomware protection, there are several technology types that relate to ransomware protection. For an overview of these market segments and an analysis of some of the key players in these markets, have a look at our Leadership Compass reports on Security Orchestration, Automation and Response (SOAR), and Network Detection and Response.

To familiarize yourself further with vendors and products of relevance to ransomware protection, have a look at our Market Compass reports on Cloud Backup and Disaster Recovery and Endpoint Protection, Detection, and Response.

For more focused market information, have a look at our Buyer’s Compass reports on Ransomware ProtectionEndpoint Detection & Response (EDR)Endpoint ProtectionNetwork Detection & Response (NDR), and Security Orchestration, Automation and Response (SOAR).

Organizations investing in technologies to prevent and mitigate ransomware attacks, can also have a look at some of the related technology solutions that we have evaluated: