The vast majority (86.7%) of C-suite and other executives say they expect the number of cyberattacks targeting their organizations to increase over the next 12 months, according to a recent Deloitte poll.

September 13, 2021

5 Min Read


The vast majority (86.7%) of C-suite and other executives say they expect the number of cyberattacks targeting their organizations to increase over the next 12 months, according to a recent Deloitte poll. And while 64.8% of polled executives say that ransomware is a cyber threat posing major concern to their organizations over the next 12 months, only 33.3% say that their organizations have simulated ransomware attacks to prepare for such an incident.

"Over the past 12-18 months, executives across industries and sectors have witnessed — and increasingly experienced first-hand — the jaw-dropping frequency, sophistication, cost, and both economic and operational impacts of ransomware attacks," said Curt Aubley, Deloitte Risk & Financial Advisory detect and respond practice leader and managing director, Deloitte & Touche LLP. "As some ransomware can evade antivirus tools and attackers find more ways to pressure victims to pay ransoms, these attacks often have national and global repercussions. There's no time to waste when it comes to honing and testing incident response programs for ransomware and other cyber events."

Kieran Norton, Deloitte Risk & Financial Advisory's infrastructure security solution leader and principal, Deloitte & Touche LLP, added, "Strong executive and board level oversight of and support for the cyber risk management program is a critical part of event preparedness. Leaders at the highest levels need to understand the crucial role they play in prevention — by providing oversight, governance and tone from the top — as well as direct support for attack response."

To get an idea of how prepared an organization is to address a ransomware attack, Norton says business leaders can ask specific questions designed to probe the depth of the cyber program's ransomware detection, prevention and response capabilities.

Questions leaders can ask to gauge their organizations' ransomware preparedness include:

  • Does our organization's cyber incident response plan address ransomware attacks specifically? Leading organizations have developed and tested cyber incident response plans, but not every organization has one and not all directly address the nuances of ransomware attacks.

  • Has our organization considered adopting Zero Trust to help bolster cybersecurity against ransomware and other threats? Removing automatic or inherited trust given to users, workloads, networks, and devices can help organizations shore-up security gaps created by digital transformation, M&A activity, rapid cloud adoption and continued remote work that ransomware actors frequently take advantage of.

  • Does our organization fully appreciate how ransomware attackers could exploit our use of emerging technologies to propagate attacks? Are we leveraging emerging technologies to better protect our organization from those threats? Certain technologies that companies are implementing as part of their digital transformations appear to benefit attackers in a number of ways, but defenders can use them to their organization's advantage as well. It's important for companies to understand how these technologies may increase their cyber risk exposure and how defenders could use them to improve security.

  • How does our organization test for ransomware vulnerabilities? Frequent penetration testing can help identify attack surface vulnerabilities and paths to critical systems and assets, while business continuity/disaster recovery testing can confirm that redundant backups are ready to support business resiliency if needed. As ransomware can propagate throughout a technology infrastructure, traditional backup and recovery plans may not be sufficient. Further, testing ransomware incident response plans via simulations or other approaches can help leaders across an organization build "muscle memory" around roles, responsibilities and protocols in the event of an attack.

  • Does our organization conduct threat hunting to help manage ransomware risk? Leading organizations are starting to take the offensive in cyber risk management by proactively working to identify new attack patterns and new attackers before they can potentially cause damage. By uncovering undetected ransomware, malware or other cyber threats, potential effects can be investigated and remediated in a timely manner.

About the online poll
More than 50 C-suite and other executives were polled online during a webcast held on June 24, 2021 about cyber threat detection and response. Participating executives held leadership roles in areas including corporate boards (36.7%), IT (34.4%), risk management (12.2%) and security and privacy (6.7%). Answer rates differed by question.

About Deloitte
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world's most admired brands, including nearly 90% of the Fortune 500® and more than 7,000 private companies. Our people come together for the greater good and work across the industry sectors that drive and shape today's marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthier society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Building on more than 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte's more than 330,000 people worldwide connect for impact at


Shelley Pfaendler

Taylor Graham

Public Relations

Public Relations

Deloitte Services LP

Deloitte Services LP

+1 212 492 4484

+1 410 576 6707

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see to learn more about our global network of member firms.

SOURCE Deloitte

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights