Separate IT and Cybersecurity Teams Less Successful

SC Magazine discusses how separate IT and Cybersecurity Teams may be less successful during ransomware attack recovery operations, and how day-to-day cybersecurity outcomes are more broadly impacted by organizational structure. The article is based on a survey by Sophos.

Three models are evaluated: 

• Model 1- the IT team and the cybersecurity team are separate organizations
• Model 2 – a dedicated cybersecurity team is part of IT
• Model 3 – no dedicated cybersecurity team. IT manages cybersecurity.

Eighty percent of organizations where cybersecurity is part of the IT team (Model 2) were able to back up and recover their encrypted data. Seventy-six percent of Model 3 organizations without a dedicated cybersecurity team recovered using backups. Both reported a low percentage of ransom payments at 37 and 35 percent.

Model 1 organizations, where IT and cybersecurity are separate, had considerably less success, with only 60 percent, using backups. Model 1s were also much more likely to pay ransom to regain their data. Low ransomware resilience is one of the most notable differentiators for model 1 organizations.

In other respects, Model 2 organizations proved best. For example, over half of the Model 2 organizations fully recovered operationally within a week. The comparison is 37 percent for Model 1 and 35 percent for Model 3.

Model 1 organizations also paid much higher ransoms, more than double that of Models 2 and 3. For organizations following model 1, the median ransom payment was $935,600. Models 2 and 3 reported average ransoms of $320,167 and $350,000. Recovery costs such as higher insurance premiums, reputational damage, and downtime were also higher for Model 1.

Sophos suggested a possible reason for Model 1’s deficiencies, concluding that IT and Cybersecurity Teams working together within a larger group may help prevent the operational silos that can reduce the impact of cybersecurity efforts.