Ivanti reveals gaps in ransomware playbooks
TL;DR
Ivanti reports a widening gap between ransomware threats and defenses. Many organizations are unprepared to combat these attacks effectively.
Ivanti revealed that the gap between ransomware threats and defenses is widening. According to the State of Cybersecurity 2026 report, the preparation gap has increased by an average of 10 points per year across all threat categories. For ransomware, 63% of security professionals classify it as a high or critical threat, but only 30% feel "very prepared" to defend against it, resulting in a 33-point gap.
The CyberArk report for 2025 indicates there are 82 machine identities for every human in organizations. 42% of these identities have privileged or sensitive access. The ransomware playbook from Gartner, for instance, does not address machine credentials like service accounts, API keys, and tokens, focusing solely on users and devices.
The Ivanti report also highlights that the cyber readiness gap has deepened in areas beyond ransomware, such as phishing and software vulnerabilities. The lack of effective management of machine identities is a weak point organizations need to address to combat ransomware more effectively.
CrowdStrike revealed that only 38% of organizations that experienced ransomware attacks fixed the specific issue that allowed attackers in. The rest invested in general security improvements without closing the actual entry point. This scenario reflects the urgent need to include machine identities in containment procedures.
The report concludes that including an inventory of machine identities and containment procedures in playbooks is crucial. Organizations that make these additions will be better positioned to govern the autonomous identities that will emerge with AI integration.
Content selected and edited with AI assistance. Original sources referenced above.
