Cybereason Releases Third Annual Ransomware Study
Cybereason has released the results of their third annual ransomware study, aimed at gaining a deeper understanding of the true impact of ransomware on businesses. The study, conducted on a global scale, indicates that ransomware attacks are not only increasing in frequency but also in their effectiveness and sophistication.
The report, titled ‘Ransomware: The True Cost to Business 2024’, sheds light on some alarming statistics. 56 percent of the organisations surveyed have experienced more than one ransomware attack within the last 24 months. What’s even more concerning is that almost 80 percent of the organisations which paid the ransom were hit with a second attack. Furthermore, 82 percent of these organisations experienced another attack within a year, with 63 percent being asked to pay ransoms again.
One of the most significant revelations of the study is that of the organisations that chose to pay a ransom in exchange for their encrypted systems, only 47 percent received their data and solutions back in an uncorrupted state. These findings strongly emphasize the futility of paying ransomware attackers, suggesting that organisations should instead focus on detection and prevention tactics to halt ransomware attacks before any significant damage is done.
Greg Day, the Global Field CISO (VP) at Cybereason, expressed his concerns about the incomplete ransomware strategies adopted by many businesses. He highlighted that while many businesses have a ransomware strategy in place, it is often incomplete or missing key elements. Day pointed out that many organisations are paying the ransom due to inadequate plans and a lack of awareness about the extent of their cyber insurance coverage.
Additionally, the study revealed several key findings, including the fact that 56 percent of organisations were unaware of a breach for 3-12 months, with 41 percent of attackers gaining access through a supply chain partner. The study also showed that attacker demands tend to increase at every stage, with 78 percent of organisations being breached a second time, resulting in 63 percent being asked to pay more.
The financial impact of ransomware attacks is also substantial, with 46 percent of organisations estimating total business losses of $1-10 million and 16 percent estimating losses exceeding $10 million. These losses extend beyond financial implications and include the loss of revenue, brand damage, and staff layoffs.
Furthermore, the study found that less than half of the businesses feel adequately prepared for the next attack, despite 87 percent of organisations increasing their spend on cybersecurity. Only 41 percent believe they have the right people and plans in place to effectively manage subsequent attacks.
The findings from the study underscore the urgent need for organisations to reassess their approach to dealing with ransomware attacks. Instead of resorting to paying ransoms, businesses should focus on robust detection and prevention strategies to thwart attacks before they wreak havoc.
For more information on the study, visit https://www.cybereason.com/ransomware-the-true-cost-to-business-2024.