Ransomware market

If you obsessively follow the startup community on Reddit and Youtube—as I do—you will have  likely heard the advice of “finding a problem and fixing it.” 

It is understandable that so many startups see ransomware as a problem worth fixing. It dominates the headlines. More and more organisations are falling victim to its wrath each day. 

But the truth is that ransomware is not a problem you can simply “fix”, nor can there be an anti-ransomware solution that totally obliterates the threat of ransomware from existence. 

Here are just four of the reasons you cannot succeed with an anti-ransomware solution:

1. There is already a solution to the problem of ransomware

There are 3,254 cybersecurity solutions and tens of thousands of service providers and consultants in an industry that has been around almost 30 years.

Organisations that have invested wisely in security don’t appear in the news for outages due to ransomware. The 3,253 other cybersecurity vendors have already failed to sell to the organisations that get hit by ransomware. What makes you so special that you can overcome spending issues?

2. There is no identifiable market for anti-ransomware

Think about it. The schools, counties, government agencies, and printing plants that are devastated by ransomware self-identify as having no mature IT systems. 

You never see an article that XYZ experienced a two-hour outage as they restored all their data from backup. If you were to try to sell your quantum-safe encryption, data-diode air gap, or moving target defence solution, to one of these organisations, who would you even call? 

They don’t have a security team. How are you going to explain your solution to the plant manager, the board of education, or the CEO?

3. The data backup and discovery business tried and failed 

There is an industry that is much more mature than cybersecurity that has already failed to sell to these organisations. It’s called the data backup and recovery business.

It includes Veritas, EMC, Acronis, Qumulo, IBM, and Quest, to name a few. They have been in this business for decades.  If they cannot sell their solutions to schools, manufacturers, counties, and pipeline operators, how will you?

4. What about “ambulance chasing?” 

The CEO/board/plant manager is sure to buy an anti-ransomware solution after a near-death experience. It’s too late. The IR (incident response) firm that they brought in is already there. They have sold them an EDR solution and brought in their MSSP partner to bring the victim into the 21st century.

If you truly have a great new technology, search for a different use case than ransomware. Can you stop zero days? Your airgap firewall impenetrable? Your AI detects attacks earlier? 

Find organisations that already understand they have a cybersecurity problem. All the big banks, every member of the defence industrial base, the 17+ US spy agencies, and hundreds of large technology companies around the world. 

Anti-ransomware is not a hill you want to die on.