As reported on the Cyber Security Intelligence website, threat protection firm Sophos commissioned a survey of IT managers early this year. Based on responses by 5,000 managers in 26 countries, this "State of Ransomware" report provides new insights.
- Paying ransom doubles the cost of dealing with an attack. The average cost for organizations that don't pay is $732,520, versus $1,448,450 for those that do.
- Over 50% of organizations experience an attack each year. When successful, data is encrypted in over 70% of attacks.
- Over 90% of organizations get their data back, twice as many through backups as by paying ransom.
- There are more attacks in the private sector than in the public sector, with 60% of media, leisure and entertainment companies attacked.
- 59% of successful attacks included data in the public cloud.
- 94% of ransom payments were made by insurers. 84% of respondents have cyber insurance, but only 64% of policies cover ransomware.
- Average remediation costs are $761,106.
Most law enforcement authorities recommend that ransom should not be paid. These statistics show that defense is a better, and less costly, strategy than payment.
The survey included these recommendations:
- Assume you will be attacked - odds are better than 50%.
- Invest in anti-ransomware technology. 24% of respondents stopped attacks before data could be encrypted.
- Protect data wherever it's held, including the cloud.
- Make regular backups, stored offsite and offline.
- Deploy a layered defense.
- Include ransomware coverage in cyber insurance.