More than a third of global organisations have experienced ransomware — report
Over a third of organisations worldwide have experienced a ransomware attack in the past 12 months that restricted access to systems or data.
That's according to new research from IDC, whose survey also found that organisations that have progressed further with their digital transformation (DX) journey, and are committed to a long-term DX plan, were less likely to suffer a ransomware attack.
“Ransomware has become the enemy of the day,” says IDC program vice president of cybersecurity products Frank Dickson.
“The threat that was first feared on Pennsylvania Avenue and subsequently detested on Wall Street is now the topic of conversation on Main Street.
The report found increasing instances of ransomware victims experiencing multiple breach events, as well as a rise in the average ransom payment: $250,000 — clear signs of the rapid proliferation of the cyber crisis. IDC says a few ‘large payments of more than $1 million' skewed the average.
The highest ransomware incident rates were recorded in the manufacturing and finance fields, while transport, communication and media reported the lowest rates.
Meanwhile, ransomware awareness is also on the rise, prompting organisations to undertake a variety of actions in response. These include:
- Reviewing and certifying security and data protection/recovery practices with partners and suppliers
- Periodically stress-testing cyber response procedures
- Increased sharing of threat intelligence with other organisations and government agencies.
Greater incident awareness has similarly prompted requests from boards of directors to review security practices and ransomware response procedures.
“As the greed of cyber-miscreants has been fed, ransomware has evolved in sophistication, moving laterally, elevating privileges, actively evading detection, exfiltrating data, and leveraging multifaceted extortion,” says Dickson.
“Welcome to digital transformation's dark side!”
IDC's report also found that American companies are faring better than others: the incident rate was notably lower for companies in the United States (7%) compared to the worldwide rate (37%).
Only 13% of organisations reported experiencing a ransomware attack/breach and not paying a ransom.
The report follows one with a similar message from Check Point, which revealed that ransomware attacks have surged 93% in the last six months.
According to the report, there has been a 13% increase in cyber-attacks in the APAC region since the beginning of the year, with 1338 weekly attacks per organisation.
Check Point Software VP of research Maya Horrowitz says, “In the first half of 2021, cyber-criminals have continued to adapt their working practices in order to exploit the shift to hybrid working, targeting organisations supply chains and network links to partners in order to achieve maximum disruption.
“Looking ahead, organisations should be aware of the risks and ensure that they have the appropriate solutions in place to prevent, without disrupting the normal business flow, the majority of attacks including the most advanced ones.