Skip to content ↓ | Skip to navigation ↓

Sophos Labs recently released its annual global study, State of Ransomware 2022, which covers real-world ransomware experiences in 2021, their financial and operational impact on organizations, as well as the role of cyber insurance in cyber defense.

The report, which surveyed 5,600 IT professionals in mid-sized organizations across 31 countries, shows that ransomware attacks are increasing and becoming more sophisticated. In 2021, 66% of organizations were hit with ransomware, an increase of 29% compared to 2020.

Cybercriminals are finding more complex ways to launch ransomware attacks. An average of 57% of the companies surveyed reported an increase in the volume of attacks, and 59% said the complexity of attacks had increased. With the everything-as-a-service model, even those criminals without the skills and financing required to deploy a unique ransomware attack can use ready-made packages.

What’s worse is cybercriminals are becoming more successful at encrypting data in ransomware attacks. In 2021, data was encrypted in 65% of the attacks, an increase of 11% compared to the 54% success rate in 2020. However, extortion-only attacks saw a reduction from 7% to 4% — attacks where the attackers don’t encrypt data, but exfiltrate it and threaten to publicly publish it as the ransom method.

The Cost of Ransom Payments is Increasing

Ransom payments are becoming inflated. The number of organizations that paid a ransom of $1 million or more rose to 11%, up from 4% in 2020. Whereas the percentage of organizations paying less than $10,000 dropped from 34% in 2020 to 21% in 2021.

More organizations are choosing to pay the ransom to get their data back. 46% of the survey respondents paid the ransom to decrypt the data impacted by ransomware. 26% of organizations that had other options for recovering their data, such as backups, still chose to pay the ransom. As a result, the total ransom paid in 2021 rose by a factor of 4.8, from $170,000 in 2020, to $812,360.

The percentage of data restored after paying the ransom has dropped. Forty-six percent of organizations who paid the ransom only got 61% of their data back, down from 65% in 2020. Only 4% of organizations got all of their data restored after paying the ransom, down from 8% in 2020.

Increased Operational Impacts of Ransomware

Ransomware attacks have a significant impact on the operations of affected companies. In the study, 53% of the organizations said the impact of attacks had increased. And a total of 90% of the victims stated that the attack had impacted their operations. 86% of companies in the private sector reported that the attack had resulted in the loss of business and/or revenue.

On average, organizations that suffered a ransomware attack took one month to recover from the damage and disruption. The average cost of remediating ransomware attacks fell to $1.4 million in 2021. The average cost of recovering from attacks was $1.85 million in 2020.

According to the report, a few factors that may have played a role in the decrease of costs in 2021 include:

  • Ransomware attacks have become more prevalent.
  • Remediation costs have been reduced because insurance providers can help their customers rectify threats quickly and effectively.
  • The reputational damage of ransomware attacks has been reduced.

Companies are Getting Better at Restoring Data

The report notes that organizations are better prepared at restoring data in the event of a ransomware attack. Almost all the organizations hit by ransomware in 2021 (99%) managed to get some of their encrypted data back, up from 96% in 2020.

About half of the companies surveyed (44%) reported using multiple approaches to maximize the speed of restoring their data. More than 73% used backups to restore data, 46% said they paid ransom to restore it, while 30% used other means to restore their data including using decryption tools.

Industries that had the highest use of backups included media, leisure, and entertainment, followed by energy, oil/gas, and utilities.

The Role of Cyber Insurance

Many companies rely on insurance to help them recover from a ransomware attack. Organizations reported that insurance paid 77% cleanup costs and 40% ransom in 98% of the incidents. However, while 83% of organizations had cyber insurance, 34% had exclusions and exceptions in the policy.

Organizations hit by ransomware attacks over the last year are more likely to have insurance coverage compared to those that didn’t experience an attack. Among those hit, 89% had cyber insurance compared to 70% that were not hit. Sophos highlights three possible reasons:

  • Organizations hit by a ransomware attack may seek cover to help mitigate the impact of future attacks.
  • Cybercriminals target companies protected by the insurance coverage to maximize their chances of a ransom payout.
  • Companies seek cover to balance known weaknesses in their defenses.

Organizations with a large number of employees are also more likely to have insurance coverage. On average, 83% of the companies with 3,001 to 5,000 employees had insurance, compared to 73% of companies with 100 to 250 employees.

It’s becoming more difficult to secure cyber insurance coverage. Most companies (94%) said their experience of securing cyber insurance has changed over the last 12 months in the following ways:

  • The process is longer.
  • Organizations offering insurance protection are very few.
  • There’s a higher demand for cybersecurity measures.
  • Policies are complex or expensive.

This is understandable, as insurers are not going to write a policy for an organization that is not taking action to prevent an attack.


This latest report sheds new light on the problem of ransomware. The percentage of organizations directly impacted by ransomware has increased significantly over the last year. Consequently, companies have had to adopt different approaches to help in combating the impact of attacks. Nearly everyone affected (99%) got some of the encrypted data back, with two-thirds restoring affected data from backups.

More organizations are purchasing cyber insurance to help with the financial risks of an attack. However, it’s becoming difficult to acquire coverage, and even though the insurance pays some of the ransom in almost all claims the proportion of encrypted data given back has dropped.

The findings of the report can be used as a blueprint for organizations that need to augment their security against ransomware attacks. Organizations should not only invest in the right technology but also have the skills and know-how to implement it effectively. They should also seek to partner up with experts who can help get the most return out of their cybersecurity investments and elevate their defenses.

About the Author: Mary Manzi is a Hubspot certified cybersecurity marketing professional. her work has appeared on various cybersecurity websites such as Geekflare and Silentbreach.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.