Recently, Richard Horne, CEO of the UK’s National Cyber Security Centre (NCSC), made a statement that should resonate with every business leader: “For too long, cyber security has been regarded as an issue predominantly for technical staff. This must change. All business leaders need to take responsibility for their organisation’s cyber resilience.”1
Today, ransomware is not just an IT issue—it is a boardroom issue, a business continuity issue, and in many cases, a national security issue. This shift in perspective isn’t just timely—it’s overdue. The ransomware landscape has fundamentally changed, and organizations that continue to treat cybersecurity as purely an IT problem are putting themselves at serious risk.
In a world where the cybercrime economy is the third largest in the world, the question is not “if” but “when.”
In a recent Quest Software webinar, my colleagues and I spoke candidly about how the threat landscape has evolved and what executive leaders must understand to protect their organizations. Here are the critical takeaways every C-suite and board member needs to hear.
Identity is the new single point of failure
Today’s cybercriminals aren’t breaking down digital doors—they’re walking through the front entrance with stolen credentials. Attackers don’t “break in” anymore. They log in. Stolen or phished credentials are the weapon of choice, and identity systems—Active Directory on-premises or Entra ID in the cloud—are the crown jewels.
Today, more than 90% of compromises originate with identity. Every privileged account, every service identity, and increasingly, every nonhuman agent such as an AI model, represents a potential doorway.
Once these cybercriminals are in, everything your business relies on—applications, data, communication systems, cloud services—hinges on whether your identity infrastructure can be trusted. If Active Directory or Entra ID is compromised, the adversary effectively owns your business.
The expanding threat landscape
The rise of artificial intelligence has lowered the barrier to entry for attackers. Less skilled actors can now launch sophisticated campaigns using AI-powered tools. Social engineering has become more convincing thanks to deepfake voices and realistic phishing content. Groups like Scattered Spider and Lapsus$ have demonstrated how teenagers with fluent English and clever scripts can breach Fortune 500 companies.
Meanwhile, geopolitical tensions add another layer of risk. State-sponsored actors are targeting critical infrastructure, supply chains, and even national economies. Attacks on automotive manufacturers, grocery chains, and logistics providers have shown how ransomware can ripple through GDP figures and disrupt entire nations.
Another threat is internal AI adoption. Organizations rushing to deploy large language models often grant them broad access to sensitive data. These non-human identities, if compromised, offer attackers a fast track to high-privilege operations.
Why the C-suite must be prepared
One aspect of ransomware recovery that organizations consistently underestimate is the human toll. During a major incident, IT staff may work 24 to 36 hours straight. The exhaustion becomes so severe that critical personnel literally can’t be woken when sent home to rest. Organizations sleep in their offices, operating on adrenaline while trying to make complex technical decisions under extreme pressure.
According to recent Gartner®2 research, “A lack of budget is a significant hurdle, with 47% of the respondents ranking it as one of their Top 3 challenges. This points to the financial investment required for dedicated isolated environments. This is followed by a lack of people, with 45% of the respondents citing this as one of their Top 3 challenges.”
This is where the lack of preparation becomes acutely painful. Executives cannot afford to treat ransomware as a technical nuisance. A successful compromise impacts every dimension of the business:
- Operations: Identity outages mean employees cannot log in, applications cannot authenticate, and supply chains grind to a halt.
- Communication: If email and collaboration platforms are down, even basic coordination becomes impossible. Many employees don’t know colleagues’ phone numbers outside of digital directories.
- Reputation: Customers, partners, and regulators will judge the speed and transparency of your response.
- Financials: Recovery delays translate directly into lost revenue, missed SLAs, and in some cases, billions in economic impact.
The path forward: Identity resilience as a strategic priority
The mantra “it’s not if, it’s when” has never been truer. Adversaries are already inside many organizations, often for 150 days or more before detection. The only rational posture is to assume breach and prepare for recovery.
Cybersecurity is now a shared responsibility across leadership, security teams, IT operations and business units. Identity is at the center of it all. The organizations that recover fastest—and often suffer the least damage—are the ones that:
- Govern identity as a critical business system
- Invest in specialized identity recovery capabilities
- Conduct regular tabletop exercises
- Build a culture of vigilance and cross-team collaboration
- Leverage experienced partners to fill skill gaps
I’ve seen firsthand how identity resilience determines business resilience. Whether it’s leveraging recovery software, cloud-based recovery-as-a-service, or expert incident response, I’ve learned that speed and confidence are critical for organizations to regain control after an incident.
Ransomware isn’t slowing down. But with the right preparation and a C-suite that embraces cyber resilience as a strategic priority, your organization can stay ahead of the threat.
Source
- Financial Times, “CEOs must prepare companies for cyber attacks, says UK agency,” October 2025.
- Gartner Research, “IT Resilience Survey for 2026: Ransomware Recovery and Readiness”, by Ajeeta Malhotra, Ron Blair, September 2025. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
