Ransomware - it doesn't pay to pay

Cybereason has published the results of their third annual ransomware study, commissioned to better understand the true impact of ransomware to businesses.

  • Thursday, 22nd February 2024 Posted 10 months ago in by Phil Alsop

This global study reveals ransomware attacks are becoming more frequent, effective, and sophisticated:

56 percent of organisations surveyed suffered more than one ransomware attack in the last 24 months.

It still ‘doesn’t pay to pay’ as almost 80 percent of organisations who paid the ransom were hit a second time

82 percent were hit again within a year

63 percent were asked to pay again

The report ‘Ransomware: The True Cost to Business 2024’ further revealed that of the organisations who opted to pay a ransom in return for their encrypted systems, only 47 percent received their data and solutions back uncorrupted. These findings emphasise why it does not pay to pay ransomware attackers, and organisations should instead focus on detection and prevention tactics to end ransomware attacks before material damage occurs.

“This year’s research shows that, while most businesses have a ransomware strategy in place, many are incomplete. They’re either missing a documented plan, or the right people to execute it. As a result, we see that many organisations are paying the ransom. Likewise whilst many have cyber insurance, too many simply don’t know if, or to what degree it covers them for ransomware attacks. This is problematic on several levels. It’s no guarantee that attackers won’t sell your data on the black market, that you’ll even get your full files and systems back, or that you won’t be attacked again.” - Greg Day, Global Field CISO (VP), Cybereason.

Further key findings of the study include:

Attackers are evolving and the supply chain shows weakness - 56 percent didn’t detect a breach for 3-12 months, with 41 percent of the attackers getting in via a supply chain partner.

Attacker demands increase at every stage - 78 percent were breached a second time, with 63 percent being asked to pay more.

The true cost is staggering - 46 percent estimate total business losses of $1-10 million and 16 percent estimate total business losses of over $10 million. Not to mention the loss of revenue, brand damage, and layoffs that followed.

Businesses don’t have the right tools - Less than half said their businesses are adequately prepared for the next attack. Whilst 87 percent of organisations increased spend, only 41 percent feel they have the right people and plans in place to manage the next attack.

Beacon, NY, Dec 20, 2024– DocuWare unveils its AI-powered Intelligent Document Processing (DocuWare IDP), bringing about unprecedented improvements...
85% of IT decision makers surveyed reported progress in their companies’ 2024 AI strategy, with 47% saying they have already achieved positive ROI.

MSPs will invest in more AI security forecasting

Posted 5 days ago by Phil Alsop
Predictive maintenance and forecasting for security and failures will be a growing area for MSPs with an interest in security, says Nicole Reineke,...

Machine identities next big target for cyberattacks

Posted 6 days ago by Phil Alsop
Venafi has published the findings of its latest research report: The Impact of Machine Identities on the State of Cloud Native Security in 2024....
Nearly 50% of organisations have experienced a security breach in the last two years.

IT professionals recognise lack of gender diversity

Posted 1 week ago by Phil Alsop
The majority (87 percent) of IT professionals agree that there is a lack of gender diversity in the sector, yet less than half (41 percent) of...

A moving landscape for MSPs

Posted 1 week ago by Phil Alsop
2025 predictions from Ranjan Singh, chief product officer at Kaseya.

Data breach epidemic takes its toll

Posted 1 week ago by Phil Alsop
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t getting adequate time to relax.