The State of Ransomware in State and Local Government 2022

Findings from an independent, vendor-agnostic survey of 5,600 IT professionals in mid-sized organizations across 31 countries, including 199 respondents from the state and local government sector


Sophos’ annual study of the real-world ransomware experiences of IT professionals in the state and local government sector has revealed an ever more challenging attack environment. Together with the growing financial and operational burden ransomware places on its victims, it also shines new light on the relationship between ransomware and cyber insurance – including how insurance drives changes to cyber defenses.

About the survey

Sophos commissioned research agency Vanson Bourne to conduct an independent, vendor-agnostic survey of 5,600 IT professionals, including 199 from state and local government. Respondents were from mid-sized organizations (100-5,000 employees) across 31 countries. The survey was conducted during January and February 2022, and respondents were asked to answer based on their experiences over the previous year.

Ransomware attack rate increased over the last year

58% of local government organizations were hit by ransomware in 2021, up from 34% in 2020. This is a 70% rise over the course of a year, demonstrating that adversaries have become considerably more capable of executing the most significant attacks at scale.

All sectors reported an increased attack rate in 2021 and in fact state and local government reported one of the lower ransomware attack rates across all the sectors surveyed. For comparison, 66% of respondents across all sectors reported being hit by ransomware over the last year. (Note: “hit by ransomware” was defined as one or more devices being impacted but not necessarily encrypted.)

While the rate of attack was below the cross-sector average, state and local government organizations reported one of the highest rates of data encryption following an attack, with almost three-quarters (72%) of respondents saying that the adversaries succeeded in encrypting data. Globally, across all industries, 65% of attacks resulted in data encryption, which is a 20% increase from the 54% that reported data encryption after an attack in 2020…

Complete the short form on the right to download full report.

Download Now