Ransomware Dominates Breaches, Shifting Cybersecurity Focus to Identity Resilience
Ransomware remains a dominant threat, accounting for 44% of all breaches in 2025, according to Verizon’s Data Breach Investigations Report. The impact is even more severe for small and midsize businesses (SMBs), where ransomware plays a role in nearly 90% of breaches, compared to 39% for large organizations.
Attackers increasingly target privileged accounts and identity infrastructure, such as Active Directory, to escalate access and lock out legitimate users within minutes. Even after data restoration, a compromised identity layer can prolong recovery, leaving organizations unable to regain control of their systems.
As a result, identity recovery has become a cornerstone of cyber resilience. Identity systems are deeply embedded in authentication and access workflows, making their recovery critical to preventing reinfection. Security leaders now prioritize secure restoration to ensure attackers cannot re-enter compromised environments.
The issue has escalated to board-level concern, with regulators and cyber insurers demanding tested recovery plans, immutable backups, and defined recovery time objectives (RTOs). Frameworks like GDPR and CCPA impose penalties for prolonged downtime, pushing organizations to adopt recovery engineering, a structured, automated approach that aligns technical recovery with business priorities.
Key capabilities for resilience include:
- Identity resilience: Immutable backups and automated recovery for identity systems.
- Zero-trust architecture: Least-privilege access and continuous authentication to limit attack spread.
- Automated orchestration: Reducing manual steps to accelerate response times.
- Regulatory readiness: Integrating compliance validation into resilience planning.
- AI-ready protection: Securing data environments against autonomous threats with fast rollback capabilities.
- Backup platform isolation: Treating backups as a separate security domain for minimal viable recovery.
Companies like Cognizant and Rubrik are addressing these challenges with integrated solutions. Rubrik offers immutable storage, ransomware recovery, and Active Directory restoration, while Cognizant provides orchestration and domain expertise to align recovery with business continuity and compliance needs. Together, they aim to strengthen cyber resilience through a unified, service-based model.
Rubrik TPRM report: https://www.rankiteo.com/company/rubrik-inc
Cognizant TPRM report: https://www.rankiteo.com/company/cognizant
Verizon TPRM report: https://www.rankiteo.com/company/verizon
"id": "cogverrub1770942636",
"linkid": "cognizant, verizon, rubrik-inc",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'type': ['Small and midsize businesses (SMBs)',
'Large organizations']}],
'attack_vector': ['Privileged accounts',
'Identity infrastructure (e.g., Active Directory)'],
'data_breach': {'data_encryption': 'Data encryption by ransomware'},
'description': 'Ransomware remains a dominant threat, accounting for 44% of '
'all breaches in 2025. Attackers increasingly target '
'privileged accounts and identity infrastructure, such as '
'Active Directory, to escalate access and lock out legitimate '
'users. Identity recovery has become a cornerstone of cyber '
'resilience, with regulators and cyber insurers demanding '
'tested recovery plans, immutable backups, and defined '
'recovery time objectives (RTOs).',
'impact': {'operational_impact': 'Prolonged recovery due to compromised '
'identity layer; inability to regain control '
'of systems',
'systems_affected': ['Identity systems',
'Authentication and access workflows']},
'lessons_learned': 'Identity recovery is critical to cyber resilience; secure '
'restoration prevents reinfection; recovery plans must '
'align with business priorities and compliance '
'requirements.',
'post_incident_analysis': {'corrective_actions': 'Adopt recovery engineering; '
'implement identity '
'resilience, zero-trust '
'architecture, and automated '
'orchestration',
'root_causes': 'Compromised identity '
'infrastructure (e.g., Active '
'Directory); lack of tested '
'recovery plans and immutable '
'backups'},
'ransomware': {'data_encryption': True},
'recommendations': ['Implement immutable backups and automated recovery for '
'identity systems',
'Adopt zero-trust architecture with least-privilege '
'access and continuous authentication',
'Use automated orchestration to accelerate response times',
'Integrate compliance validation into resilience planning',
'Secure data environments against autonomous threats with '
'fast rollback capabilities',
'Treat backups as a separate security domain for minimal '
'viable recovery'],
'references': [{'source': 'Verizon’s Data Breach Investigations Report'}],
'regulatory_compliance': {'regulations_violated': ['GDPR', 'CCPA']},
'response': {'recovery_measures': ['Identity resilience',
'Zero-trust architecture',
'Automated orchestration',
'Backup platform isolation'],
'remediation_measures': ['Immutable backups',
'Ransomware recovery',
'Active Directory restoration'],
'third_party_assistance': ['Cognizant', 'Rubrik']},
'title': 'Ransomware Dominates Breaches, Shifting Cybersecurity Focus to '
'Identity Resilience',
'type': 'Ransomware'}