Ransomware Readiness Index: A Proposal to Measure Current Preparedness and Progress Over Time
DownloadSpiewak-Reynolds-Weitzner-RansomwareReadinessIndex-IPRI-2021-WP-02.pdf (2.744Mb)
Metadata
Show full item recordAbstract
Ransomware is currently one of the most pressing cybersecurity threats for enterprises. While the consequences of ransomware have been long known, both firms and governments lack critical information needed to assess progress toward meaningful resilience. In this paper, we propose a new “Ransomware Readiness Index” (RRI) based on in-depth independent analysis of recently issued United States Executive Branch policy guidance on cybersecurity and ransomware. The RRI measures the aggregate level of enterprise readiness by sector (as well as other attributes), identifies the areas most at risk, and tracks progress over time toward full implementation of recent government recommendations. The index allows organizations to privately benchmark themselves against peers and focus on areas of opportunity to better mitigate against ransomware threats. The RRI provides policymakers with critical feedback on the progress of these important control improvement efforts. We will securely compute the new index using MIT IPRI’s SCRAM platform given its ability to aggregate data without requiring organizations to disclose their own sensitive data to other firms, to government entities or even MIT researchers performing the index computation.
Date issued
2021-09-21Series/Report no.
IPRI/2021/WP;02
Keywords
Ransomware, Cybersecurity, Measurement, Multiparty computation