15% of the Nasdaq 100 Is Highly Susceptible to a Ransomware Attack, New Black Kite Research Finds

Black Kite’s Ransomware Susceptibility Index (RSI) determined that 1-in-7 Nasdaq-100 companies ranked as highly susceptible to a ransomware attack.

September 16, 2021


BOSTON, Sept. 15, 2021 -- More than 90 percent of Nasdaq-100 companies are operating out-of-date systems, and 82 percent have publicly visible ports, increasing the risk of a ransomware attack, new Black Kite research revealed today. Black Kite’s Ransomware Susceptibility Index™ (RSI) determined that 1-in-7 Nasdaq-100 companies ranked as highly susceptible to a ransomware attack, the greatest likelihood that an organization is at risk of an attack.

The patent-pending RSI follows a process of inspecting, transforming, and modeling data collected from a variety of OSINT sources (internet-wide scanners, hacker forums, the deep/dark web and more). Using data and machine learning, the correlation between control items is identified to provide a ransomware susceptibility rating on a scale from 0.0 (less susceptible) to 1.0 (more susceptible)*.

Black Kite discovered that the average annual financial risk of a cyberattack could cost a Nasdaq-100 company $41.3 million. Black Kite leverages the OpenFAIR™ methodology to transform cyber risk into financial terms. The FAIR calculation depicts an annual risk quantification, allowing a company to estimate the cost of a cyber breach of the organization itself or of a breach caused by a third party.

“Ransomware is preventable, and risks can be mitigated,” said Paul Paget, CEO of Black Kite. “However, the globe’s leading industrial companies must take action. Close publicly visible ports, update out-of-date systems, secure employee credentials, and reduce susceptibility to phishing.”

The Nasdaq-100 findings are consistent with a ransomware review of the Fortune 100 last month. More than 25% of Fortune 100 companies are highly susceptible to a ransomware attack, 75% are more likely to incur a phishing attack and 60% have already experienced a data breach in the past.

* A low RSI™ score does not necessarily mean a company is immune to a ransomware attack. Cybercriminals, especially state-backed actors, may use zero-day vulnerabilities and craft sophisticated attacks, which a security automation tool may not detect or predict.

About Black Kite
One in four organizations suffered from a cyber attack in the last year, resulting in production, reputation and financial losses. The real problem is adversaries attack companies via third parties, island-hopping their way into target organizations. Black Kite is redefining third-party risk management (TPRM) with the world’s first global third-party cyber risk monitoring platform, built from a hacker's perspective. With 200+ customers across the globe and counting, we're committed to improving the health and safety of the entire planet's cyber ecosystem with the industry’s most accurate and comprehensive cyber intelligence.

While other security ratings service (SRS) providers try to narrow the scope, Black Kite provides the only standards-based cyber risk assessments that analyze your supply chain's cybersecurity posture from three critical dimensions: technical, financial and compliance.

For more information, contact Adam Benson at [email protected] or 202.999.9104.
