The biggest evidence I see that ransomware attacks are a business and board level function, and not a technical function, comes from our customer base.
Not referrals or anything like that, although those are nice.

When enterprise leadership realizes prevention creates a tightly controlled dataflow, in which only Cyber Crucible "knows" about an attack, the business side and inside counsel becomes much more interested in keeping that information sealed up tight.
Words like whistleblowers, and ensuring properly vetted personnel have access to the data, become spoken of with more frequency. That aligns really well with the business operations side, and talk of whistleblowers and stock value dips isn’t really a cybersecurity briefing topic (though it certainly influences it!).

Now that the myriad of cybersecurity analysts, and others, working really hard at their job, trying to keep up, don't need to have highly visible efforts....
risk looks a lot more private.

It reminds me of my days working with the military special forces folks - admittedly as a nerd, not as a Captain America re-enactment.
Information was kept on a need-to-know basis.
Heck, if I saw someone out and about the next city over, I didn't even say hello until I knew it was OK to do so.

Of course in business, "need to know" and the nomenclature around that is different.

I know some of you say, "that's my job, Dennis must not understand".
You, my brother in privacy, are the exception, not the rule.
There are a ton of companies that wish they could have that, especially during or after a ransomware attack.
We're lowering the bar, even though really the job is self-empowerment.

Though, I suppose the Right to Privacy really does have a lot to do with self-empowerment, doesn't it?

Check out this cool Forbes article by Danny Pehar, as a relevant topic.

https://www.forbes.com/councils/forbestechcouncil/2026/03/09/ransomware-in-2026-why-prevention-is-now-a-board-level-discipline-not-an-it-project/