Two-thirds of ransomware victims paid up last year
A record 71 percent of organizations were impacted by successful ransomware attacks last year, according to the 2022 Cyberthreat Defense Report (CDR) from CyberEdge Group, up from 55 percent in 2017.
Of those that fell victim, almost two-thirds (63 percent) paid the requested ransom, up from 39 percent in 2017.
CyberEdge believes there are three reasons why ransoms are being paid. Firstly because failure to pay a ransom can result (and has resulted) in public exposure of highly sensitive data, to the embarrassment of victims.
Secondly many organizations conclude that paying a ransom is significantly less costly than enduring the high cost of system downtime, customer disruptions, and potential lawsuits that could stem from publicly exposed confidential data.
And thirdly 72 percent of ransom-paying victims recovered their data last year, up from 49 percent in 2017. This increased confidence for successful data recovery is often factored into the ransom-paying decision.
"These days, being victimized by ransomware is more of a question of 'when' than 'if,'" says Steve Piper, founder and CEO of CyberEdge Group. "Deciding whether to pay a ransom is not easy. But if you plan ahead, and plan carefully, that decision can be made well in advance of a ransomware attack. At the very least, a decision framework should be in place so precious time isn't wasted as the ransom payment deadline approaches."
The report also highlights the ongoing skills shortage, 84 percent of responding organizations are experiencing a shortfall of skilled IT security personnel. IT security administrators (41 percent), IT security analysts (33 percent), and IT security architects (32 percent) are the skills in greatest demand.
In addition, too many organizations teach their employees how to evade email- and web-based cyberthreats when they're hired but don't follow up with additional, periodic training to reinforce those lessons learned.
On a more positive note 83 percent of organizations are experiencing growth in their security budgets, up from 78 percent last year. Plus the average security budget has grown by 4.6 percent in 2022, up from 4.0 percent in 2021.
The full report is available from the CyberEdge site.