Ransomware survey reveals nearly a third of businesses suffered data loss in 2024

Number of ransomware victims paying a ransom more than doubles over past year.

  • Wednesday, 16th October 2024 Posted 6 months ago in by Phil Alsop

The number of ransomware victims who paid a ransom in 2024 (16.3%) more than doubled on the previous year (6.9%), according to new research from leading cybersecurity provider Hornetsecurity. Data loss has also increased dramatically, from 17.2% in 2023 to 30.2% in 2024. Alarmingly, 5% of organizations reported a complete loss of all affected data.

These worrying trends come as data recovery rates have hit a new low. The increasing sophistication of cyberattacks has meant that the data recovery rate for businesses hit by ransomware has dropped from 87.4% in 2021 to just 66.3% this year.

The survey also revealed that email and phishing attacks remain the most common vector of attack for ransomware, responsible for 52.3% of attacks. Despite a slight reduction in attack volume from 21.1% in 2021 to 18.6% in 2024, the severity of these criminal behaviours has increased.

Commenting on the findings, Hornetsecurity CEO Daniel Hofmann said: “The evolving landscape of ransomware threats highlights the need for constant vigilance. The data shows that while fewer attacks are being reported, the outcomes are far more damaging, with potentially devastating consequences for organizations that fall victim to them.

“Criminals are constantly shifting tactics, and organizations of all sizes must invest in comprehensive security measures and ongoing cybersecurity awareness training to stay protected.”

Generative AI: a double-edged sword

The rise of generative AI technology has heightened fears of ransomware, with two-thirds (66.9%) of respondents indicating that AI has increased their apprehension about potential attacks.

This comes as general concerns about ransomware remain high, with nearly 85% of companies expressing moderate to extreme worry. While 89.4% of businesses acknowledge their senior leadership’s awareness of ransomware risks, only 56.3% report that leadership is actively engaged in prevention strategies. Additionally, 39.2% are content to leave the issue primarily to IT departments.

The survey showed 84.1% of respondents view ransomware protection as a top IT priority, and 87% have established disaster recovery plans - and while this represents the majority, there are some concerns around the organizations that do not prioritize ransomware given its potentially ruinous consequences on a business’s operations. When it comes to the ‘why’, one reason might be that some people (13.1%) mistakenly believe reliance on platforms like Microsoft 365 or Google Workspace negates the need for a formal plan.

Training in cybersecurity: urgent refreshes required

Despite 95.8% of respondents acknowledging the value of cybersecurity training, several concerns and misconceptions persist. The main issue is the time commitment, with 17.8% of respondents believing it is too demanding.

Additional feedback includes the perception that users are ‘untrainable’ (14.4%), the high cost of training (12.3%), and the significant time burden on IT staff (10.6%). A smaller proportion (7.6%) view training as outdated.

Hornetsecurity’s research shows just over half (52.3%) of ransomware attacks stem from email and phishing attempts - and breaches of the human firewall. This shows the urgent need to overcome resistance to training, as employees are the first line of defence against cyber threats. To maintain effective security and adapt to evolving cybercriminal tactics, continuous and evolving training is essential.

Awareness and insurance trends

Awareness of the impact of ransomware on Microsoft 365 data has improved significantly, with only 9.8% of respondents now uncertain about its vulnerability, down from 25.3% in 2022.

In addition to this, the uptake of ransomware insurance has increased markedly, with 54.6% of organizations purchasing coverage in 2024, up from 37.9% in 2022.

Daniel Hofmann added: “Generative AI is a game-changer in ransomware, making attacks smarter and organizations understandably more nervous. It’s promising to see more businesses taking up ransomware insurance, but awareness isn’t enough. Next-gen, AI-powered cybersecurity solutions are a crucial step in the battle against cybercriminals, but it is clear that organizations also need strong leadership, robust and engaging training, and constant vigilance to stay one step ahead.”

Complexity, scalability and compatibility remain challenging - 70% data workers struggle with pipeline management.

Cybersecurity strategies are failing

Posted 2 days ago by Phil Alsop
Cyber firm pleads with enterprises to wake up to the data security crisis before financial and legal fallout becomes catastrophic.
Avanade is unveiling the Avanade Intelligent Garden at this year's RHS Chelsea Flower Show in celebration of its 25th anniversary.

AI agents break cover

Posted 1 week ago by Phil Alsop
In a global survey of IT leaders, Cloudera found that enterprises are keen on AI agents, but fears around data privacy, integration, and data quality...
Economist Impact is pleased to announce the inaugural AI Compute summit, scheduled for May 22nd 2025, at the Scandic Copenhagen in Copenhagen. This...

Majority of AI projects don't make it to market

Posted 1 week ago by Phil Alsop
SS&C Technologies Holdings has published findings from a new survey: governance, process orchestration and strategic planning are critical to...

Security and compliance risks make VPNs obsolete

Posted 1 week ago by Phil Alsop
Zscaler has published the Zscaler ThreatLabz 2025 VPN Risk Report, commissioned by Cybersecurity Insiders, which highlights the widespread security,...

AI tops tech growth charts

Posted 1 week ago by Phil Alsop
Despite high interest rates, economic slowdown, stricter regulations on big tech and AI, Trump's tariff policies, and global trade wars, which hit...