A new Cybereason survey found that more than four out of five respondents – some 81% -- said they are “highly” or “very concerned” about the risk of ransomware attacks.
The survey’s authors said the response underscores what a pervasive threat ransomware has become and that the security industry must respond with urgency to address the dramatic increase in ransomware cases.
Anybody working in cybersecurity today who doesn’t agree can’t possibly be paying attention because it’s estimated that there’s a ransomware attack on a business every 11 seconds on average, with global ransomware damage losses projected to reach $20 billion this year. The FBI reported an increase of more than 225% in total losses from ransomware in the U.S. in 2020 alone.
The Cybereason research found that the vast majority of organizations have experienced significant business impact because of ransomware attacks, including loss of revenue and damage to the organization’s brand, unplanned workforce reductions, and even having the business close down altogether.
And there’s major risk in paying a ransom: The study found that the majority of organizations that chose to pay ransom demands in the past were not immune from subsequent ransomware attacks, often by the same threat actors. Some 80% of respondents who paid a ransom say they experienced a subsequent attack. In addition, having cyber insurance coverage in place does not guarantee an organization can recoup losses associated with a ransomware attack.
Ransomware attacks can negatively impact an organization in a variety of ways, with combined losses potentially reaching tens or even hundreds of millions of dollars. A solid majority – 66% -- of survey respondents reported significant revenue loss from a ransomware attack. Short-term impacts can include disruption of critical business operations because of the inability to access data, costs associated with incident response and mitigation efforts, interruption of system processes, lost productivity, and the ransom payment itself. Longer term impacts can include diminished business revenue, damage to the brand reputation, loss of top executives and employee layoffs, and loss of customers and strategic partners.
The Cybereason study also breaks down how ransomware has impacted revenue loss and layoffs by the following industry verticals: automotive, financial services, government, healthcare, legal, manufacturing, and retail.