Soft ransomware targets, a new top emerging risk for enterprises: Gartner

Concern about artificial intelligence (AI)-enhanced malicious attacks is once again the top emerging risk for enterprise in the second quarter of 2024, a recent Gartner, Inc.’s survey has revealed.

Gartner surveyed 274 senior risk executives and managers during H1 2024 to document and compare emerging risks.

Three of the top five most cited emerging risks are in the technology category, with AI-enhanced malicious attacks taking first place, followed by soft ransomware targets.

According to the survey, concerns regarding soft ransomware targets are new, having entered the tracker for the first time.

Soft ransomware targets include the types of systems that may be especially vulnerable to ransomware due to underinvestment or technical debt, leading to longer disruptions in business operations when attacks occur.

The ease of carrying out such attacks, via what’s known as ransomware-as-a-service (RaaS), allows cybercriminals with even minimal experience and technical skill to deploy attacks at low cost, Gartner explained.

“Similar to AI-enhanced malicious attacks, soft ransomware targets require minimal experience and cost to cause significant financial and reputational damage,” said Gamika Takkar, director, research in the Gartner Risk & Audit Practice.

He added: “Ransomware-as-a-service lowers the barrier to entry for inexperienced cybercriminals who know just enough about how to attack and disrupt business operations, creating worse impacts than usual when attacks occur.”

According to the survey, the potential impacts of soft ransomware targets range from operational disruptions and delay of services, to increased exposure to multi-extortion. The latest could be ransom demand following threats of selling, publishing or permanently deleting data.

Other consequences that would possibly be needed to be mitigated are the increased financial burden in the form of direct and indirect costs.

Direct costs include ransoms, remediation, litigation, and public relations, while indirect costs, such as reputational damage and loss of intellectual property, also create burden on the organisation.

Takkar noted: “While operational disruption and increased costs are dire consequences of soft ransomware targets, the exposure to extortion can impact not just the organisation itself, but any and all associated third-parties as well, further underscoring the importance of understanding and preventing such risk.”

The concern of soft ransomware targets was followed by escalating political polarisation, which first entered the tracker in 4Q23. It held steady as the third most cited concern, the same position as in 1Q24.

While misaligned organisational talent profile moved up from the fifth to fourth most cited risk. AI-assisted misinformation came in fifth place, moving down from its second place in the prior quarter.

This website states: The content on this site is sourced from the internet. If there is any infringement, please contact us and we will handle it promptly.