Ransomware attacks were considered an IT problem in the past, but they\u2019re increasingly a direct threat to customer trust. As enterprises face rising breaches that lock their systems and expose sensitive information, every moment of downtime or data loss affects the customer experience. Protecting customers\u2019 data has become as essential to brand reputation as product quality.<\/p>\n
That explains why 58 percent of organizations that suffered ransomware attacks in the past year paid the ransom<\/a> to get their data back, according to Sophos\u2019 State of Ransomware in Retail report. That was the second highest payment rate in five years. The median ransom demand doubled to $2 million from 2024, while the average payment increased by 5 percent to $1 million.<\/p>\n Retailers especially have had a tough year, as several large brands have suffered high-profile cybersecurity attacks. The threats are growing as attackers are constantly looking to exploit vulnerabilities. As demands for ransom payments reach new highs, enterprises in all sectors need to put in place comprehensive security strategies. Sophos\u2019 research showed 46 percent of attacks began with an unknown security gap.<\/p>\n The nature of ransomware threats is changing, as malicious actors hone in on phishing attacks as a way to gain entry into enterprise systems rather than attacking servers.<\/p>\n \u201cWe’re very focused on server security and network security. But in reality, what’s happening is that\u2026 over the last two years, 70 percent of ransomware attacks originated with an individual, rather than the server,\u201d online privacy expert Ron Zayas, Founder CEO of Ironwall by Incogni<\/strong>, told CX Today<\/em> in an interview. \u201cThat’s coming from using data to create better phishing attacks that are so good that you’re clicking on them\u201d<\/p>\n These attacks have a direct impact on a company\u2019s reputation and sales. Major casinos and large retailers have seen their performance plunge in the aftermath of breaches, Zayas noted.<\/p>\n \u201cThis isn’t theoretical. You’re losing a lot of money when customers perceive that A, you’re asking for too much information. And B, when something happens to you because you’re careless, they’re going to go somewhere else because they understand the threat to them.\u201d<\/p><\/blockquote>\n The challenge is escalating as hackers are using AI to create and automate more convincing phishing attacks, Chester Wisniewski, Director, Global Field CISO <\/strong>at security firm Sophos<\/strong>,\u00a0told CX Today<\/em>.<\/p>\n \u201cThe two most concerning aspects of AI are the higher quality of phishing attacks and the speed with which attacks can be conducted. AI doesn’t necessarily create new threats as much as it allows the existing techniques to be automated and executed more quickly,\u201d Wisniewski said.<\/p>\n \u201cOne of the most important factors in defending networks isn’t just prevention, but also how quickly you can detect and breach and respond, ideally, before any data is stolen or encrypted.\u201d<\/p>\n \u201cIf AI makes each malicious step easier, defenders will need to monitor 24\/7 for breaches and be prepared to react in minutes, not hours, to prevent harm to unprotected data,\u201d Wisniewski said.<\/p>\n The key to avoiding ransomware attacks is preparedness. \u201cProperly protecting your information and backups insulates you from all types of data theft and ransom attacks,\u201d Wisniewski said.<\/p>\n But this is where many companies are falling down. According to Sophos, 62 percent of retailers that experienced attacks restored their data using backups. That was the lowest rate in four years, indicating that some companies are not generating regular backups that they can restore data from if the worst happens.<\/p>\n \u201cThe figures for retail in this year’s survey are very concerning,\u201d Wisniewski said. \u201cThe lack of backups makes organisations even more reliant on paying criminals and hoping for the best to regain access to business-critical information.\u201d<\/p>\n Identifying where security weaknesses are and performing reliable backups indicates an organization is taking a proactive approach to data security. \u201cAs we all know, an ounce of prevention is worth a pound of cure and this lack of preparedness results in higher incident costs and more loss of sensitive information harming an organizations\u2019 reputation,\u201d Wisniewski said.<\/p>\n As ransomware attacks evolve to target individuals, enterprises need to understand how employee data can be leveraged to launch highly targeted attacks.<\/p>\n \u201cThat’s where it’s changed, and companies don’t fully understand even that the vector has changed, or how to protect themselves,\u201d Zayas said.<\/p>\n \u201cIt’s the data on your employees that’s killing you, so the way to protect yourself is to remove the amount of data that is available on your employees.\u201d<\/p><\/blockquote>\n Enterprises are starting to realize that dark web monitoring tools can act as an early warning system against ransomware and data breaches. When attackers compromise a device, such as an employee\u2019s phone, they often advertise that access on the dark web for anyone willing to pay.<\/p>\n In some cases, leaked credentials or access to infected devices can surface online weeks before a ransomware attack, and monitoring tools can send out alerts that give teams time to prepare.<\/p>\n \u201cIt’s a great way for you to jump in front of that, because once it’s in circulation, you’re toast; it’s too late,\u201d Zayas said.<\/p>\n Organizations also need to reconsider the level of detail in the data they hold on customers.<\/p>\n For instance, recent security breaches through the Salesforce platform<\/a> have succeeded because companies keep extensive customer records in the system, Zayas noted.<\/p>\n \u201cOne of the best practices for any company is to decide how much information you really need. Just because you can get more information and enrich it doesn’t mean it makes sense.\u201d<\/p><\/blockquote>\n Any interaction with a third party opens up a potential vulnerability. That\u2019s why organizations need to think beyond protecting their servers.<\/p>\n \u201cEverybody wants to jump on the AI bandwagon, and AI isn’t something that a standard company can do on their own. You have to work with a third party\u2026 because of the complexities,\u201d Zayas said. \u201cThat becomes a huge attack vector for people going after ransomware.\u201d<\/p>\n Several high-profile security breaches this year, such as Stellantis, Jaguar Land Rover<\/a>, Harrods<\/a> and Discord<\/a>, have involved attacks on their third-party customer data platforms, not the company\u2019s own servers.<\/p>\n Zayas warned:<\/p>\n \u201cIf you are a private company and you are sharing information, if you are putting your information to a third party, it’s like the old saying, whoever you sleep with, you’re sleeping with everybody that they ever slept with.\u201d<\/p><\/blockquote>\n \u201cWhen you partner with somebody and you’re transferring data, you have to be much more aware of how you’re identifying that data, because now you’re vulnerable to whatever attack happens to them.\u201d<\/p>\n As enterprises adopt AI tools to streamline data management and enhance decision-making, they often overlook the critical risk created by the fact that AI systems rely on large volumes of data. They are opening up their data and feeding extensive amounts of sensitive information into AI platforms. While these systems are managed by major providers, no organization is immune to breaches, potentially exposing customer data, Zayas said.<\/p>\n \u201cLet’s go back in time a little bit to when there was a lot of cash\u2026 People didn’t come to rob your pizza place. They robbed the bank, because that’s where everybody was putting their money.\u201d<\/p><\/blockquote>\n Users need to understand that \u201cdata is the currency\u201d that is now circulated, and this makes large AI providers and marketers more attractive to attackers than targeting a number of smaller companies, Zayas said. \u201cYou’re going to see the breaches being more and more related to the amount of information that’s coming out with AI, the amount of information that’s being enriched, and companies are going to suffer from this.\u201d<\/p>\n Although enterprise teams want to collect as much information as possible to get richer AI outputs, \u201cyou need to be a lot smarter about what information you share to be able to get what you need,\u201d Zayas said.<\/p>\n Removing personal information so that individuals are not identifiable will help to protect customers.<\/p>\n \u201cThe smart play is learn how to sanitize your data. You don’t have to share 100 pieces of information on one of your customers with an outside company. It’s stupid. Why are you sharing all that customer information when it becomes available?\u201d<\/p><\/blockquote>\n \u201cIt’ll still give you the same result you have without the customer information being there.\u201d Zayas added.<\/p>\n When signing contracts with third-party providers, buyers should look for vendors based on their data sensitivity and make sure that they include clear privacy clauses and audit rights.<\/p>\n \u201cThird-party risk management is the frontline defence for customer data,\u201d Aben Pagar, Director<\/strong> at legal services firm Konexo<\/strong>, told CX Today. \u201cDue diligence cannot stop at onboarding\u2014continuous monitoring and assurance are vital. Embedding these controls creates a culture of accountability that protects data and strengthens trust.\u201d<\/p>\n In the UK public sector, a proposed ban on organizations making ransom payments will require them to ensure their systems are resilient.<\/p>\n \u201cThe ban on ransom payments changes the calculus for procurement,\u201d Pagar said. \u201cVetting suppliers for robust security and privacy practices is now non-negotiable.\u201d<\/p>\n When enterprises do fall victim to ransomware attacks, communicating with customers as much as possible is essential to provide reassurance that leaders are actively working to recover and safeguard their data.<\/p>\n \u201cCustomer communications are key during incidents to inspire confidence that you have capable experts handling the situation. Silence is very dangerous, as people’s imaginations are far worse than what your incident actually looks like,\u201d Wisniewski said.<\/p>\n Although there are certain details that companies may not be able to provide because of legal constraints and law enforcement requests, \u201cbeing open and sharing what you can goes a long way toward demonstrating your commitment to your customers and their privacy and security,\u201d Wisniewski said.<\/p>\n Given the proliferation of attacks, companies need to be prepared to bounce back quickly if a ransomware hit does happen. Testing backups regularly and knowing exactly how to restore systems if things go down are key. Staying on top of vulnerabilities, tightening access controls, and keeping a close eye on who has high-level permissions can make all the difference.<\/p>\n \u201cRegular staff training reduces human error, and a robust incident response plan ensures clarity when seconds count,\u201d Richard Chudzynski, Partner at Konexo<\/strong>, told CX Today<\/em>.<\/p>\n Response plans must involve all teams. Ransomware and other cyberattacks are no longer just IT problems. Relying solely on IT managers to respond puts enterprises at greater risk because attacks now touch every aspect of the business.<\/p>\n \u201cResilience is a team sport,\u201d Chudzynski said.<\/p>\n \u201cHR safeguards employee data, procurement manages supplier risk, and business units handle customer information, while IT and cyber teams enforce technical controls. Legal and privacy teams set the regulatory framework, and internal audit validates compliance.\u201d<\/p><\/blockquote>\n When each team owns its role, organizations can communicate transparently during a crisis, helping to minimize disruption to the customer experience and reinforce trust, Chudzynski added.<\/p>\n","protected":false},"excerpt":{"rendered":" Ransomware attacks were considered an IT problem in the past, but they\u2019re increasingly a direct threat to customer trust. As enterprises face rising breaches that lock their systems and expose sensitive information, every moment of downtime or data loss affects the customer experience. Protecting customers\u2019 data has become as essential to brand reputation as product […]<\/p>\n","protected":false},"author":11074,"featured_media":76167,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[62065],"class_list":["post-76151","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-privacy-compliance","tag-artificial-intelligence","tag-security-and-compliance","brands_to_track-cx-today","brands_to_track-salesforce","editorial_type-feature","intent-loyalty","target_audience-dual"],"acf":[],"yoast_head":"\nPrevention Starts with Preparation<\/h2>\n
Managing Vendor Risk to Prevent Data Breaches<\/h2>\n
Keeping Customers Informed When Ransomware Strikes<\/h2>\n
Ransomware Recovery is a Team Sport<\/h2>\n