State of Ransomware 2023

The research revealed that the rate of ransomware attacks has remained level, with 66% of respondents reporting that their organization was hit by ransomware in the previous year, the same as in our 2022 survey. With adversaries now able to consistently execute attacks at scale, ransomware is arguably the biggest cyber risk facing organizations today.

Cyber criminals have been developing and refining the ransomware-as-aservice model for several years. This operating model lowers the barrier to entry for would-be ransomware actors while also increasing attack sophistication by enabling adversaries to specialize in different stages of an attack.

Attacks by Country

While the overall reported ransomware rate remains flat compared to 2022, the survey revealed variations at a country level. Singapore reported the highest rate of ransomware attacks in this year’s study, with 84% of organizations being hit in the previous year. Conversely, the UK reported the lowest rate of attack (44%).

Austria reported the biggest drop in rate of attack, down from 84% of organizations hit to 50%. South Africa had the biggest increase in attack rate, with 78% of organizations hit in our 2023 survey compared to 51% in 2022.

Attacks by Industry

The education sector was the most likely to have experienced a ransomware attack in the last year with 80% (lower education) and 79% (higher education) reporting being hit. Education traditionally struggles with lower levels of resourcing and technology than many other industries, and the data shows that adversaries are exploiting these weaknesses.

IT, technology, and telecoms reported the lowest level of attack (50%), indicating a higher level of cyber readiness and cyber defenses.