Ransomware-as-a-service (RaaS)

I recently shared some thoughts on AI and the future workplace. Today however, I want to address another pressing concern increasingly troubling leadership teams – Ransomware-as-a-Service or RaaS.

For those unfamiliar, RaaS basically allows hackers to rent ransomware tools to launch attacks. So malicious individuals with no technical expertise can now inflict harm by just paying for tools. As if we don’t have enough to worry about with experts already capable of this!

And the data underlines this democratised menace – the average ransom payment extracted has doubled over the past year as RaaS proliferates. This escalating threat spreads rapidly too. Once clever ransomware developers lease their creations, countless imitators emerge, further compounding risks.

So, for companies still viewing cyber security as just an IT problem or cost centre, in my opinion, an urgent re-frame is required. Ransomware isn’t going away – if anything, RaaS makes it inevitable that virtually every business will face an attack at some point.

The good news is there are ways to get ahead of this. I’m talking endpoint security frameworks, employee education, rapid response protocols. And having a Cyber Security Expert and vendor onboard to identify and address vulnerabilities before you see them on the 6 o’clock news after an attack.

I understand executives are focused squarely on customers and growth trajectories, however, discounting cyber risks hands adversaries an open invitation.

Remaining vulnerable means you’re accepting potential PR disasters, disrupted operations, and mammoth clean-up costs down the road. Staying secure and resilient against RaaS means being proactive now.

For any leadership teams aiming to stay ahead of the ransomware threat curve, I’m always happy to support you in finding that cyber security expert that’s right for your organisation as PSD recruit CISO’s as well as commercial business leaders for leading Cyber Security vendors. The threat landscape evolves by the day – but preparation can prevent overreaction in crisis situations when organisations are caught off guard.


Stuart Bremner