The Cost of Ransom Payments is Increasing
Ransom payments are becoming inflated. The share of organizations that paid a ransom of $1 million or more rose to 11%, up from 4% in 2020, whereas the percentage of organizations paying less than $10,000 dropped from 34% in 2020 to 21% in 2021. More organizations are choosing to pay the ransom to get their data back: 46% of the survey respondents paid the ransom to decrypt the data impacted by ransomware, and 26% of organizations that had other options for recovering their data, such as backups, still chose to pay. As a result, the total ransom paid in 2021 rose by a factor of 4.8, from $170,000 in 2020 to $812,360. The percentage of data restored after paying the ransom has dropped. Forty-six percent of organizations that paid the ransom only got 61% of their data back, down from 65% in 2020. Only 4% of organizations got all of their data restored after paying the ransom, down from 8% in 2020.
Increased Operational Impacts of Ransomware
Ransomware attacks have a significant impact on the operations of affected companies. In the study, 53% of the organizations said the impact of attacks had increased. And a total of 90% of the victims stated that the attack had impacted their operations. 86% of companies in the private sector reported that the attack had resulted in the loss of business and/or revenue. On average, organizations that suffered a ransomware attack took one month to recover from the damage and disruption. The average cost of remediating ransomware attacks fell to $1.4 million in 2021. The average cost of recovering from attacks was $1.85 million in 2020. According to the report, a few factors that may have played a role in the decrease of costs in 2021 include:
- Ransomware attacks have become more prevalent.
- Remediation costs have been reduced because insurance providers can help their customers rectify threats quickly and effectively.
- The reputational damage of ransomware attacks has been reduced.
Companies are Getting Better at Restoring Data
The report notes that organizations are better prepared to restore data in the event of a ransomware attack. Almost all the organizations hit by ransomware in 2021 (99%) managed to get some of their encrypted data back, up from 96% in 2020. About half of the companies surveyed (44%) reported using multiple approaches to maximize the speed of restoring their data. More than 73% used backups to restore data, 46% said they paid the ransom to restore it, and 30% used other means, including decryption tools. Industries that had the highest use of backups included media, leisure, and entertainment, followed by energy, oil/gas, and utilities.
The Role of Cyber Insurance
Many companies rely on insurance to help them recover from a ransomware attack. Organizations reported that insurance paid 77% cleanup costs and 40% ransom in 98% of the incidents. However, while 83% of organizations had cyber insurance, 34% had exclusions and exceptions in the policy. Organizations hit by ransomware attacks over the last year are more likely to have insurance coverage than those that didn't experience an attack. Among those hit, 89% had cyber insurance, compared to 70% of those that were not hit. Sophos highlights three possible reasons:
- Organizations hit by a ransomware attack may seek cover to help mitigate the impact of future attacks.
- Cybercriminals target companies protected by the insurance coverage to maximize their chances of a ransom payout.
- Companies seek cover to balance known weaknesses in their defenses.
Acquiring cyber insurance coverage is also becoming more difficult:
- The process is longer.
- Organizations offering insurance protection are very few.
- There's a higher demand for cybersecurity measures.
- Policies are complex or expensive.
Conclusion
This latest report sheds new light on the problem of ransomware. The percentage of organizations directly impacted by ransomware has increased significantly over the last year. Consequently, companies have had to adopt different approaches to combat the impact of attacks. Nearly everyone affected (99%) got some of the encrypted data back, with two-thirds restoring affected data from backups. More organizations are purchasing cyber insurance to help with the financial risks of an attack. However, it's becoming difficult to acquire coverage, and even though the insurance pays some of the ransom in almost all claims, the proportion of encrypted data given back has dropped. The findings of the report can be used as a blueprint for organizations that need to augment their security against ransomware attacks. Organizations should not only invest in the right technology but also have the skills and know-how to implement it effectively. They should also seek to partner with experts who can help get the most return out of their cybersecurity investments and elevate their defenses.