
Ransomware is a persistent issue for many CISOs, with a significant number opting to settle ransom demands.

Organizational encounters with ransomware attacks are closely linked to the regularity of ransom payments made.

Ransomware poses a significant challenge for many Chief Information Security Officers, with a notable number opting to meet the demands of cybercriminals and pay the ransoms involved.


In the digital age, the role of Chief Information Security Officers (CISOs) has evolved significantly. They now need to understand the risk calculus of their technology stacks to answer the critical question: Are we a target?

According to Splunk research, this concern is not unfounded. A staggering 9 in 10 CISOs reported experiencing at least one disruptive cyberattack in the last year. Ransomware, in particular, has emerged as a lucrative business for the criminal gangs that run it. Many organizations are gambling with their reputations in the hope of decrypting their data and preventing the release of sensitive material.

The U.S. government, through bipartisan efforts and ongoing task forces like the Ransomware Task Force, is focusing on disruption, victim notification, and legislation to reduce ransomware risk. While many legislative proposals to limit ransom payments remain pending, the government's stance is generally against paying ransoms in ransomware attacks, especially in the public sector and critical infrastructure.

This is reflected in the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which requires covered entities to report any ransom payments to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours. The Biden Administration and other government actions emphasize strengthening cybersecurity through information sharing but do not support ransom payments as they incentivize and fund cybercriminal groups.

The financial implications of ransom payments vary widely, with most organizations paying under $250,000, but nearly 1 in 10 paying over $1 million. Ryan Kovar, leader of Surge, Splunk's blue team security research team, suggests that CISOs have a duty to include ransom payments in their budgeting for cyber insurance.

However, a ban against ransom payments would be a major shift in strategy to counter financially motivated threat actors. The Biden administration decided against an outright ban on ransom payments and instead encourages organizations not to pay. Anne Neuberger, deputy national security advisor for cyber and emerging technologies, expressed that ransom payments fuel cybercriminal activities.

Corporate stakeholders want to better understand the risk calculus of their technology stacks, including whether their organization is a target for cyberattacks. CISOs need to have a plan in place before a ransomware attack occurs to ensure strong resilience. Almost half of the surveyed security executives reported multiple disruptive cyberattacks in the last year.

The UK government has been evaluating bans on ransom payments by public sector and critical infrastructure providers, indicating international alignment toward discouraging ransom payments. The U.S. shows similar policy direction though not yet a formal ban at the federal level.

In conclusion, the U.S. government is working towards discouraging ransom payments, mandating their reporting, increasing disruption of attackers, and pursuing stronger cybersecurity policies and legislation to combat ransomware attacks—especially given the sharp rise in attacks on government agencies observed in 2025. CISOs play a crucial role in this fight, needing to stay vigilant and prepared for the evolving threat landscape.

1. CISOs, in the war against ransomware attacks, must consider the potential consequences of ransom payments, as they can fuel cybercriminal activities and incentivize further attacks.
2. In a digital world where privacy is paramount, Chief Information Security Officers (CISOs) should understand that politics, technology, and general news can significantly impact the risk calculus of their technology stacks, as seen in the increasing focus on ransomware by governments worldwide.
3. With the rising threat of ransomware, which has become a lucrative business for gangs, along with privacy concerns and the need for stronger cybersecurity, CISOs require a comprehensive plan to combat these attacks, including budgeting for cyber insurance to cover potential ransom payments.
