Ransomware impacts 80 percent of enterprises
A new survey reveals that 80 percent of companies have experienced a ransomware attack, despite spending an average of $6 million annually on ransomware mitigation.
The study, from cyber advisory and solutions firm CBI, based on research by the Ponemon Institute and co-sponsored by Check Point, finds Companies are spending $170,000 per ransomware incident on staffing alone, with an average of 14 staff members each spending 190 hours on containment and remediation activities.
Of the companies surveyed 68 percent experienced an attack in the past year and 45 percent of companies impacted by a ransomware incident report they were forced to shut down temporarily.
Only 32 percent say they are confident in their security controls, indicating the need to use more effective approaches to prevent ransomware attacks. 75 percent are concerned about the ransomware risks posed by third parties, but only 36 percent of organizations evaluate their third parties’ security and privacy practices.
"Ransomware incident preparedness and mitigation remains one of the biggest challenges facing organizations regardless of their size, but it doesn't mean it has to be one of the biggest budget allocations. Organizations need to gain confidence in their approaches, technologies, personnel and tactics. Part of building that confidence is admitting where there are gaps and collaborating with strong partners to fill those gaps," says Shaun Bertrand, CSO at CBI.
The average ransomware payment is approximately $1 million and 53 percent of companies who experienced an attack paid the ransom. The most common reason given for paying up is to avoid operational downtime. Of those who didn't pay, 39 percent say it was because they had an effective backup strategy. However, 55 percent of organizations feel that full and accurate data backups are not enough to properly mitigate a ransomware incident, as in 41 percent of cases, sensitive data was also exfiltrated during the attack.
The full report is available from the CBI site.