The threat of new ransomware models is the top concern facing executives in the third quarter of 2021, according to Gartner’s latest Emerging Risks Monitor Report.
Concerns about ransomware topped pandemic-related concerns, including supply chain disruptions, according to the survey of 294 senior executives across industry and geography.
“The negative impact of evolving ransomware attacks is seen as so severe by executives that it tops a notable list of risks related to an ongoing pandemic and the disruption of the global supply chain,” says Matt Shinkman, vice-president with the Gartner Risk and Audit practice.
The risk of new ransomware models made its debut in the top five emerging risks in the third quarter as the previous quarter’s top risk, “cybersecurity control failures,” has matured into an established risk after consecutive quarters being tracked by the Emerging Risks Monitor Report. The remaining risks in the top five positions were all related to the pandemic and its implications for work.
Top Five Risks by Overall Risk Score and Frequency
| Score Rank | Risk Name | Impact Score | Timeframe Score | Frequency |
| 1. | New Ransomware Models | 3.43 | 1.50 | 78% |
| 2. | Postpandemic Talent | 2.94 | 1.59 | 77% |
| 3. | Endemic COVID-19 | 2.86 | 1.33 | 74% |
| 4. | Supply Chain Disruptions | 3.07 | 1.62 | 69% |
| 5. | Hybrid Workforce Disparities | 2.66 | 1.57 | 71% |
(Source: Gartner, October 2021)
The rise of new ransomware models as a top threat to organisations in many ways tracks the growth in popularity of cryptocurrencies that have strengthened the anonymity of attackers, while also providing new models to extort victim organisations.
The ransomware business model has become more specialised and otherwise efficient, including “ransomware-as-a-service,” and demand for bitcoin payouts, resulting in a proliferation of attacks.
The technology for the attacks themselves also evolves, with viruses that linger and infect backup systems, do not rely on phishing as a vector, harder-to-identify viruses such as “fileless” and “crypto-jacking” attacks.
“While new models of ransomware attacks are frightening in their own right, the consequences for organisations are even worse,” says Shinkman. “Prolonged operational delays, data loss and exposure, as well as the reputational damage that follows, present potential existential risks to an organisation that executives are all too well aware of, especially if the attacks occur as a result of inadequate cybersecurity controls.”
Pandemic risks linger
As executives grapple with cybersecurity risks, disruptions from the threat of Covid-19 becoming endemic mount. Concerns related to talent, global supply chain disruptions, delays to returning to the office and implementation of vaccine mandates were all indicated as prominent risks by senior executives polled in 3Q21.
“The early calculus of how best to return employees to the office has been supplanted by a range of concerns around ongoing hybrid work disparity, a lack of effective training and development in such an environment and in many cases, historic levels of employee turnover,” Shinkman says.
“Managing new working models in an ‘endemic Covid-19’ environment is clearly going to be a more difficult scenario than simply the ‘post-pandemic’ plans, which many executives were relying upon just a few months ago.”