Cybereason: 80% of orgs that paid the ransom were hit again

Ransomware attacks are on the rise globally as cybercriminals adopt more sophisticated tactics, and damage losses are projected to reach $20 billion worldwide this year. The Federal Bureau of Investigation reported a 225% increase in total losses from ransomware in the United States in 2020. Estimates suggest businesses are under attack every 11 seconds, on average. Against this backdrop, the Cybereason Global Ransomware Study measured how much financial and reputational damage these attacks wreak on businesses.

Dealing with the aftermath of a ransomware attack can be complicated and costly. The vast majority of organizations experienced significant business impact due to ransomware attacks, including loss of revenue (66%), damage to the organization’s brand (53%), unplanned workforce reductions (29%), and even closure of the business altogether (25%).

Above: This table provides a side-by-side comparison of which solutions were in place that may have protected organizations from a ransomware attack and the investments made by organizations after an attack.

Image Credit: Cybearson

After an organization experienced a ransomware attack, the top 5 solutions implemented included security awareness training (48%), security operations (SOC) (48%), endpoint protection (44%), data backup and recovery (43%), and email scanning (41%). The least deployed solutions post-attack included web scanning (40%), endpoint detection and response (EDR) and extended detection and response (XDR) technologies (38%), antivirus software (38%), mobile and SMS security solutions (36%), and managed security services provider (MSSP) or managed detection and response (MDR) provider (34%). Only 3% of respondents said they did not make any new security investments after a ransomware attack.

Cybereason’s study found that the majority of organizations that chose to pay ransom demands in the past were not immune to subsequent ransomware attacks, often by the same threat actors. In fact, 80% of organizations that paid the ransom were hit by a second attack, and almost half were hit by the same threat group.

This study offers insight into the business impact of ransomware attacks across key industry verticals and reveals data that can be leveraged to improve ransomware defenses. For example, after an organization experienced a ransomware attack, the top two solutions implemented included security awareness training (48%) and security operations (48%). This research underscores that prevention is the best strategy for managing ransomware risk and ensuring your organization does not fall victim to a ransomware attack in the first place.

1,263 cybersecurity professionals took part in the study commissioned by Cybereason and fielded by Censuswide, with participants in varying industries from the United States, United Kingdom, Spain, Germany, France, United Arab Emirates, and Singapore.

Read the full Cybereason Global Ransomware Study.