Sophos: Companies pay average of US$1.4M in ransom to cyber criminals


Paying the ransom doubles the cost of dealing with a ransomware attack compared with not paying

Paying a ransom to cyber criminals costs global organisations an average of US$1.4 million, nearly twice as much as addressing the impact of a ransomware attack without paying, according to Sophos’ recently released The State of Ransomware 2020 survey.

The security vendor found the average global cost of addressing the impact of such an attack, including business downtime, lost orders, operational costs, and more, but not including the ransom, was US$730,000 – emphasising organisations should never pay the ransom set by cyber criminals.

According to Sophos, the first documented ransomware was distributed on floppy disk in 1989, but it wasn’t until around 2005 that it started wreaking havoc for businesses.

“Fast forward 15 years and businesses are still struggling to defend against the malware,” states the security vendor.

The survey was conducted with 5,000 IT managers from 26 countries across six continents, including Australia, China, India, Japan, Malaysia, the Philippines, and Singapore.

India topped the list of countries with 82 per cent of organisations reporting being hit by ransomware in 2019.

“This is not a huge surprise,” states Sophos. “Cyber hygiene is generally poor in India, and pirated technology abounds, creating weaknesses in cyber defences and making organisations more vulnerable to attack.”

The Philippines, Poland, and South Africa report the lowest levels of cyber attacks.

“As we discussed earlier, cyber criminals have moved from ‘spray and pray’ desktop ransomware attacks to more targeted server-based attacks that affect fewer organisations but with higher ransom demands,” Sophos states. “They geo-target their attacks to go after the most lucrative opportunities. The three countries at the bottom of the attack scale also have lower GDP than many of the other countries higher up the list which may be why they receive less focus from the cyber criminals.”

Across industry sectors, the public sector reported fewer attacks than all other sectors, while the media, leisure, and entertainment industries report the highest levels of attack (60 per cent), closely followed by IT, technology, and telecoms (56 per cent).

Other interesting findings include:

  • Almost three quarters of ransomware attacks result in the data being encrypted. 51 per cent of organisations were hit by ransomware in the last year. The criminals succeeded in encrypting the data in 73 per cent of these attacks.
  • 26 per cent of ransomware victims whose data was encrypted got their data back by paying the ransom. A further one per cent paid the ransom but didn’t get their data back.
  • 94 per cent of organisations whose data was encrypted got it back. More than twice as many got it back via backups (56 per cent) than by paying the ransom (26 per cent).
  • Paying the ransom doubles the cost of dealing with a ransomware attack. The average cost to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.) is US$732,520 for organisations that don’t pay the ransom, rising to US$1,448,458 for organisations that do pay.
  • Despite the headlines, the public sector is less affected by ransomware than the private sector. 45 per cent of public sector organisations were hit by ransomware last year, compared to a global average of 51 per cent, and a high of 60 per cent in the media, leisure, and entertainment industries.
  • One in five organisations has a major hole in their cybersecurity insurance. 84 per cent of respondents have cybersecurity insurance, but only 64 per cent have insurance that covers ransomware.
  • Cybersecurity insurance pays the ransom. For those organisations that have insurance against ransomware, 94 per cent of the time when the ransom is paid to get the data back, it’s the insurance company that pays.
  • Most successful ransomware attacks include data in the public cloud. 59 per cent of attacks where the data was encrypted involved data in the public cloud. While it’s likely that respondents took a broad interpretation of public cloud, including cloud-based services such as Google Drive and Dropbox and cloud backup such as Veeam, it’s clear that cyber criminals are targeting data wherever it is stored.
