57% of CISOs Experienced Ransomware Attacks that Started on Endpoint Devices, with Many Taking Two Weeks to Recover

SEATTLE: #absolutesecurity--Fifty-eight percent of cybersecurity leaders would consider paying cybercriminals to end a ransomware attack, with 46 percent ranking operational downtime as the most significant impact ransomware is likely to have on their organizations.

These are among findings revealed in The Ransomware Reality: Zero Days to Recover. This new report from Absolute Security includes results from a survey of 750 enterprise Chief Information Security Officers (CISOs) across the United States and United Kingdom, conducted by independent polling provider Censuswide.

“It’s not surprising to learn that despite regulatory pressure, security and risk leaders remain open to paying a ransom to recover their systems and protect data, especially when considering that prolonged downtime can lead to unsustainable losses,” said Christy Wyatt, President and CEO, Absolute Security. “CISOs that can quickly restore continuity after disruptive attacks can avoid getting trapped in a downtime cycle, which will only grow alongside cybercriminals’ increasing use of AI-powered attacks.”

Ransomware continues to top CISOs’ ledgers as one of the most menacing threats they face, with their endpoint device infrastructures significantly vulnerable. Over the past 12-18 months, 57 percent reported their enterprises experienced an attack that originated on a remote, mobile, or hybrid device, with 58% in agreement that an incident left endpoints inoperable.1 Neither finding was unpredictable, when considering that additional telemetry-based research from millions of PCs revealed critical endpoint security controls fail to operate 20 percent of the time.2

This second edition in the State of Enterprise Cyber Resilience research series surfaced additional salient findings that expose how ransomware is impacting operational resilience. Included in the results were several top takeaways:

Confidence Paradox. 83% of CISOs reported being confident in their businesses’ ability to recover from ransomware, yet 57% took as long as six days to bounce back and 20% took as long as two weeks. No CISOs reported having the ability to recover within a day.

Sneaker Net. Despite knowing that ransomware continues to cause operational disruptions, 59% of organizations agree they must take physical possession of an endpoint to remediate and restore the device after an incident. Only 53% of organizations have remote recovery capabilities in place, despite the wide-spread availability of such tools.

Mythos Variable. CISOs reported that legacy system patching is the second most challenging ransomware mitigation method at 42% (this was only 1% behind the top-ranked challenge-Employee Awareness Training at 43%). With Claude Mythos showing that advanced LLMs in the hands of defenders and attackers can surface vulnerabilities at speeds the industry cannot keep pace with, organizations will face continued disruption caused by threats that leverage unmitigated software risks. This means that while patching must remain a key security tactic, the ability to recover from increasing vulnerabilities and exploits must rise to the top of the priority stack.

Download your complimentary copy of the new report: The Ransomware Reality: Zero Days to Recover

Discover how Absolute Security helps organizations defend against and stop downtime caused by ransomware and other cyber disruptions by meeting with our experts at the Cyber Resilience Hub in Las Vegas during Dell Technologies World 2026. Book a meeting, attend the Resilient CISO & CISO Workshop, and join the happy hour.

About Absolute Security

Absolute Security is partnered with more than 28 of the world’s leading endpoint device manufacturers, embedded in the firmware of 600 million devices, trusted by thousands of global enterprise customers, and licensed across 16 million PC users. With the Absolute Security Cyber Resilience Platform integrated into their digital enterprise, customers ensure their mobile and hybrid workforces connect securely and seamlessly from anywhere in the world and that business operations recover quickly following cyber disruptions and attacks. To learn more, visit www.absolute.com and follow us on LinkedIn, X, Facebook, and YouTube.

ABSOLUTE SECURITY, ABSOLUTE, the ABSOLUTE LOGO, AND NETMOTION are registered trademarks of Absolute Software Corporation ©2026, or its subsidiaries. All Rights Reserved. Other names or logos mentioned herein may be the trademarks of Absolute or their respective owners. The absence of the symbols ™ and ® in proximity to each trademark, or at all, herein is not a disclaimer of ownership of the related trademark.

Fonte: Business Wire