Skip Nav

Contact the Author

To contact the author, please fill out and send the form below.

    Thank You!

    Your message has been sent.

    Oops, message not sent.

    Please make sure fields are complete.


    48% Of Employees At Surveyed Companies Were Asked By Hackers To Aid Ransomware Attacks

    Commentary From Crisis Management Expert Edward Segal, author of Crisis Ahead: 101 Ways To Prepare for and Bounce Back From Disasters, Scandals, and Other Emergencies

    Companies already have enough to worry about defending themselves against external cyberattacks. Now adding to that worry could be the possibility of internal threats.

    A new study shows that 48% of employees at surveyed organizations have been approached directly for help in planning ransomware attacks against their companies. The number is even higher — 55%— for directors.

    The survey results, “could indicate that cyber attackers are targeting employees that have lower salaries or a smaller vested interest in the company than their superiors,” according to Nicholas Brown, CEO of Hitachi ID, an identity management company. He said these workers, “are thus more likely to be enticed by the multi-million-dollar paycheck that can come from a ransomware attack.”

    The study, conducted by Pulse on behalf of Hitachi ID, received responses from 100 IT security executives across North America at mid-sized and enterprise companies.

    An Increased Internal Approach

    Brown said that, “While we don’t currently have information about how the employees reacted, we are conducting a follow-up survey to dive deeper into these statistics.

    “But we do know that 83% agree this internal approach to ransomware has increased since employees started working remotely—which makes sense since rapid digital transformation and cloud adoption has widened access.”

    Executives Acutely Aware Of Pain Points

    According to the survey, executives are acutely aware of these pain points and are working to educate employees about how these attacks may present themselves and what to do in that situation.

    • 69% of executives reported that they have increased cyber education for employees in the past 12 months; 20% have not, but plan to in the next 12 months.
    • 68% of executives said they were moderately confident in their current cybersecurity infrastructure to protect against attacks from the outside.

    Contributing Factors

    The rise in remote and hybrid work environments combined with digital transformation has opened organizations to wider access and a heightened risk of an internal attack, Hitachi said.

    Of those solicited to assist in ransomware attacks, 83% say it has become more prominent since employees started working from home. “This further emphasize[s] the need for businesses to take a proactive security offense to verify identities and access to tighten cybersecurity,” according to the company.

    Advice For Business Leaders

    Lock Down Access

    Brown recommended that, “Organizations need to think about that risk and how they’re protecting against threats from the inside by locking down access with principles of least privilege and zero trust, automatically detecting unusual behaviors and initiating automated mitigations.”

    Reduce Threat Levels

    Bryan Christ, senior sales engineer at Hitachi ID, observed that, “this survey indicates that organizations need to take a stronger, and more immediate, look at putting strategies in place to protect themselves from the inside, too.

    “To help prevent breaches from internal and external actors, organizations need to adopt a Zero Trust strategy for their infrastructure. A Zero Trust philosophy to cybersecurity presupposes inevitable intrusion and therefore proactively safeguards data and access management from the inside out. This approach helps close gaps in an organizations’ network and mitigates potential risk,” he said.

    Christ noted that, “Theft and abuse of credentials, especially powerful privileged ones, sit at the center of most breaches. Because credentials and privileges are power to cybercriminals, static and locally stored passwords are often a significant part of any breach.

    “Utilizing multi-factor authentication (MFA) and single sign-on (SSO) will significantly reduce threat levels. Additionally, allowing users the minimum access necessary to perform a specific job or task (and nothing more) puts additional safeguards in place to protect organizations from cyberattackers.

    “Smart password management and privileged protection is now imperative for every organization and will help lock down a company’s systems to defend against breaches before they happen,” he concluded.


    Edward Segal is a crisis management expert, consultant and author of the award-winning Crisis Ahead: 101 Ways to Prepare For and Bounce Back from Disasters, Scandals and Other Emergencies (Nicholas Brealey). He is a Leadership Strategy Senior Contributor for where he covers crisis-related news, topics and issues. Read his recent articles at