sb-nz logo
Story image

IDC survey: Nearly 1/3 of data-ransomed businesses pay up

27 Oct 2020

Almost one-in-three (29%) Australian and New Zealand organisations who fell victim to ransomware attacks in the past two years had paid off the criminal groups responsible to regain access to their data.

This is according to IDC’s A/NZ Ransomware Survey, August 2020, commissioned by cloud data management company Rubrik.

This finding and others were included in an IDC InfoBrief: Building business resiliency in Australia and New Zealand using a ransomware remediation backup strategy, sponsored by Rubrik. 

The InfoBrief is based on the survey, which polled technology and business leaders from more than 150 Australian and New Zealand organisations across a range of industries. 

The survey found 18% of A/NZ businesses had fallen victim to a ransomware attack in the past 24 months. 

From an industry perspective, the sectors hardest hit were banking, financial services, and insurance (BFSI), in which 29% of respondents said they had experienced a ransomware attack, followed by the transport (24%) and education (22%) sectors.

Despite bullishness on the part of respondents about their willingness to pay ransomware attackers – with only 6% saying their organisation would consider such a course of action if their data were compromised by ransomware – the reality when confronted with an attack was very different. 

Of those who had fallen victim to a ransomware attack, 29% of local organisations had paid off the attackers to regain access to their data. 

This was prevalent in the BFSI (60%) and Government (33.3%) sectors.

Rubrik A/NZ managing director Jamie Humphrey says the results are a sobering reminder of how important data is to business operations in the digital age.

“Unfortunately, faced with the prospect of either halting operations until data could be restored or paying criminal organisations to have their data returned, a significant number of local businesses thought they had no choice but to pay those holding their data hostage,” he says.

“Ransomware attacks are not only becoming more common, they’re becoming more sophisticated too – one-third of local businesses that fell victim to ransomware reported that their back up data was compromised during the attack.

“This shows how important immutable backups and mature backup regimes are to business resiliency. With a comprehensive backup strategy, operations can be up and running within an hour by simply restoring from a point-in-time before an attack without having to engage the criminals. Secure backups are the best data insurance policy businesses have against these insidious attacks.”

This sentiment was confirmed in the InfoBrief which found that 89% of A/NZ businesses agreed that ransomware remediation was just as critical as prevention in an effective response strategy.

The findings are bolstered by the Australian Cyber Security Centre’s latest Annual Cyber Threat Report, which not only found that ransomware had become one of the most significant threats facing Australian businesses and governments but also highlighted how “recovering from ransomware is almost impossible without comprehensive backups.”

Other key findings from the IDC InfoBrief include:

  • 80% of organisations in Australia and New Zealand agreed that the volume and severity of ransomware attacks had increased in the past 24 months, and 74% agreed the attacks were becoming harder to detect and remediate.
  • The three greatest challenges local organisations anticipated when recovering from a ransomware attack were speed of recovery (29%), reliability of data recovery (25%), and initial detection of the attack (21%).|
  • One-third (33%) of A/NZ organisations who fell victim to a ransomware attack took longer than a day to recover. Only 15% were able to remediate in less than hour.
  • The three cybersecurity threats A/NZ organisations reported having increased the most in the past 24 months were phishing (51%), ransomware (43%), and targeted social engineering (42%).
Story image
Claroty finds four vulnerabilities in Schneider Electric OT device
Unmitigated vulnerabilities could give an attacker access to the device, enabling the attacker to break encryption, modify code, and run certain commands.More
Story image
Frost & Sullivan: Firewalls to drive network security market
Enterprises’ heightened threats from criminal entities and state-sponsored actors are strongly encouraging them to adopt network security solutions.More
Story image
DDoS attacks surge, becoming more sophisticated
After doubling from Q1 to Q2, the total number of network layer attacks observed in Q3 doubled again — resulting in a 4x increase in number compared to the pre-COVID levels in the first quarter. More
Story image
ThreatQuotient & Infoblox integrate threat intelligence capabilities
“Together, our integration eases the consumption of threat intelligence from various internal and external sources to ensure that intelligence is accurate, relevant and timely to an organisation’s business.”More
Story image
Forrester names Thycotic a Leader in privileged access management
Thycotic received the highest possible score in 11 of the 24 criteria in the study, including SaaS/cloud, innovation roadmap, and integrations, deployment, supporting products and services, commercial model, and PIM installed base.More
Story image
DevSecOps increasingly important, but APAC organisations lagging behind
The rise of DevSecOps comes at a time when IT leaders are faced with an increasingly active cyber threat landscape, coupled with higher consumer expectations of digital offerings and application usage due to a sharp increase in online activities.More