Ransomware Is No Longer an IT Problem. It Is a Business Continuity Crisis

For years, ransomware was viewed as another cybersecurity threat, an unfortunate but manageable IT incident. That assumption is now dangerously outdated.

The recent ransomware attack on Bajaj Auto, one of India’s largest automobile manufacturers, serves as yet another reminder that cybercriminals are no longer targeting just data. They are targeting production lines, research centres, supply chains and, ultimately, business continuity itself. The incident affected both Bajaj Auto and its technology subsidiary, prompting immediate containment and recovery efforts. While the company has indicated that mitigation measures have been effective, the event underscores a larger reality: ransomware today is aimed at stopping businesses, not merely stealing information.

This is part of a global trend.

The ransomware attack on the Colonial Pipeline in the United States disrupted fuel supplies across the East Coast. MGM Resorts International suffered widespread operational disruption affecting hotels, casinos and customer services. Maersk lost hundreds of millions of dollars after malware crippled global shipping operations, while JBS S.A. temporarily shut meat-processing facilities across multiple countries.

The common thread across these incidents is unmistakable. Attackers are increasingly focused on organisations where every hour of downtime carries significant financial and reputational consequences.

For large enterprises, the threat extends well beyond encrypted servers. Modern ransomware groups typically steal sensitive data before encrypting systems, creating a “double extortion” model where organisations face the twin risks of operational disruption and public exposure of confidential information. Manufacturing, financial services, healthcare, energy and critical infrastructure have become preferred targets because the pressure to resume operations is immense.

For Chief Information Security Officers, this demands a fundamental shift in strategy.

Cybersecurity can no longer operate in isolation from enterprise risk management. The CISO must work alongside the Chief Risk Officer, Chief Operations Officer, business leaders and the Board to ensure cyber resilience becomes an organisational capability rather than merely a technology function.

Five priorities deserve immediate attention.

First, assume compromise. Modern security strategies should be built on Zero Trust principles, continuous monitoring and rapid detection rather than perimeter defence alone.

Second, protect what matters most. Critical production systems, operational technology, intellectual property and crown-jewel business applications should be segmented from the broader corporate network to limit lateral movement.

Third, recovery capability must be tested, not documented. Offline immutable backups, disaster recovery drills and ransomware simulations should be exercised regularly under realistic conditions.

Fourth, third-party cyber risk requires equal attention. Suppliers, managed service providers and technology partners often provide attackers with indirect entry points into enterprise environments.

Finally, incident response must become a Board-level exercise. Communication protocols, regulatory reporting, legal preparedness, crisis management and business continuity should be rehearsed well before an incident occurs.

Artificial intelligence is enabling defenders to identify anomalies faster than ever before. Unfortunately, it is equally empowering attackers to automate phishing campaigns, identify vulnerabilities and accelerate ransomware deployment. The speed of attack is increasing. Organisational resilience must keep pace.

The most dangerous misconception is that ransomware remains an IT issue.

It is not.

It is an enterprise resilience challenge that affects revenue, operations, investor confidence, regulatory compliance and brand trust.

In today’s digital economy, the question is no longer whether organisations will face ransomware. It is whether they can continue operating when they do.
