The survey provides fresh new insight into the experiences of organizations hit by ransomware, including:
- Almost three quarters of ransomware attacks result in the data being encrypted. 51% of organizations were hit by ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks.
- 26% of ransomware victims whose data was encrypted got their data back by paying the ransom. A further 1% paid the ransom but didn’t get their data back.
- 94% of organizations whose data was encrypted got it back. More than twice as many got it back via backups (56%) than by paying the ransom (26%).
- Paying the ransom doubles the cost of dealing with a ransomware attack. The average cost to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.) is US$732,520 for organizations that don’t pay the ransom, rising to US$1,448,458 for organizations that do pay.
- Despite the headlines, the public sector is less affected by ransomware than the private sector. 45% of public sector organizations were hit by ransomware last year, compared to a global average of 51%, and a high of 60% in the media, leisure, and entertainment industries.
- One in five organizations has a major hole in their cybersecurity insurance. 84% of respondents have cybersecurity insurance, but only 64% have insurance that covers ransomware.
- Cybersecurity insurance pays the ransom. For those organizations that have insurance against ransomware, 94% of the time when the ransom is paid to get the data back, it’s the insurance company that pays.
- Most successful ransomware attacks include data in the public cloud. 59% of attacks where the data was encrypted involved data in the public cloud. While it’s likely that respondents took a broad interpretation of public cloud, including cloud-based services such as Google Drive and Dropbox and cloud backup such as Veeam, it’s clear that cybercriminals are targeting data wherever it stored.