Ransomware has become the defining cyber threat of this decade. Once dismissed as a technical nuisance, it is now recognized by boards and regulators as a top-tier business risk. This survey confirms what incident responders already know: awareness is high, but true preparedness is far less certain.