Table of Contents
The slight uptick in attacks this quarter reinforces what security leaders already know: ransomware isn’t going away. Sitting back and hoping the threat will disappear or that our organization won’t be hit isn’t a strategy. It’s only through analyzing insights and identifying patterns that we can build resilience against these growing threats.
A Slight Uptick, but No Real Relief
For some business leaders, the slight drop in attacks between Q1 and Q2 could have created a false sense of security. The increase in Q3 has now shattered this illusion, confirming ransomware’s persistence. Rather than panicking about this slight increase, we should use it as a reminder that ransomware is cyclical.
Hiding our heads in the sand and hoping attackers go away has never been a legitimate strategy, and it certainly isn’t now. What’s important is understanding attackers’ motivations and figuring out where we’re exposed.
Seeing Patterns Across Industries
While ransomware attacks in manufacturing stood out in Q3, it feels inconsequential to focus on which industries are more targeted. Ransomware affects every organization that depends on its data to operate. The thing that really stood out about the most targeted sectors is their dependence on data availability.
The biggest problem isn’t that someone might steal our data. It’s that we can’t use it to run our organizations if ransomware locks it up. That’s why leaders must stop viewing industry benchmarks as indicators of “safety.” The reality is that if your data is valuable or your operations rely on it, you’re in scope.
The Blind Spots in Resilience Planning
Along with focusing on preventing cyberattacks before they happen, we need to ensure we can continue operating and recover quickly when they do. That requires building the ability to withstand and bounce back from an incident, even if it affects one of our essential partners or service providers.
Many organizations make the mistake of focusing too narrowly on their own security posture and compliance, while completely failing to assess their third- or fourth-party dependencies. Even if it turns out that there’s nothing that truly can be “done” about third-party risk at the end of the day, filling in our blind spots means we can make more informed decisions throughout our business.
This means we must ask ourselves: do we know which vendor outages could disrupt us? How quickly can we detect and respond to exfiltration attempts, both in-house and within our ecosystem?
From Data Protection to Operational Resilience
Readiness is all about how effectively we can contain an incident and how quickly we can recover from it. It’s also about how well we coordinate with our suppliers when things go wrong. It means we need to shift from measuring prevention to measuring endurance, evaluating how well teams can sustain operations when an outage inevitably occurs.
We also need to reframe resilience as a collective effort rather than an isolated one. Our ecosystems aren’t confined to our four digital walls, so we need to know dependencies and consider the external parts of our businesses when structuring and reviewing our contingency plans. It’s impossible to control every dependency, but we can control how prepared we are when one fails.
Looking Ahead: Turning Awareness into Action
Ransomware isn’t going away any time soon, and the dips in attack volume we’ve noticed in previous quarters don’t signal safety. True readiness is about surviving these attacks, which requires visibility into our dependencies and the ability to adapt quickly.
These insights remind us that heading into Q4 and 2026, resilience depends on knowing how attackers value us, and we must work to ensure our contingency plans reflect the operational dependencies that keep us running.
