Stories of organizations crippled by ransomware regularly dominate the IT news headlines,
and accounts of six- and seven-figure ransom demands are commonplace. But do the
news stories tell the full story?
To understand the reality behind the headlines, Sophos commissioned an independent
survey of 5,000 IT managers across 26 countries. The findings provide brand new insight
into what actually happens once ransomware hits. They reveal the percentage of attacks
that successfully encrypt data; how many victims pay the ransom; how paying the ransom
impacts the overall clean-up costs; and the role of cybersecurity insurance. Be prepared to
The survey provides fresh new insight into the experiences of organizations hit by ransomware,
Almost three-quarters of ransomware attacks result in the data being encrypted. 51% of organizations were hit by ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks.
26% of ransomware victims whose data was encrypted got their data back by paying
the ransom. A further 1% paid the ransom but didn’t get their data back.
94% of organizations whose data was encrypted got it back.
More than twice as many got it back via backups (56%) as by paying the ransom (26%).
Paying the ransom doubles the cost of dealing with a ransomware attack. The average cost to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, etc.) is US$732,520 for organizations that don’t pay the ransom, rising to US$1,448,458 for organizations that do pay.
Despite the headlines, the public sector is less affected by ransomware than the
private sector. 45% of public sector organizations were hit by ransomware last year,
compared to a global average of 51%, and a high of 60% in the media, leisure, and
One in five organizations has a major hole in their cybersecurity insurance.
84% of respondents have cybersecurity insurance, but only 64% have insurance that covers
Cybersecurity insurance pays the ransom. For those organizations that have insurance against ransomware, 94% of the time when the ransom is paid to get the data back, it’s
the insurance company that pays.
Most successful ransomware attacks include data in the public cloud. 59% of attacks where the data was encrypted involved data in the public cloud. While it’s likely that respondents took a broad interpretation of public cloud, including cloud-based services such as Google Drive and Dropbox and cloud backup such as Veeam, it’s clear that cybercriminals are targeting data wherever it is stored.