The true cost of ransomware attacks

A survey conducted by Cybereason finds that 50% of companies experienced a ransomware attack during the last year, 46% of organizations that paid the ransom did not get all of their data back, and 80% of organizations that decided to pay experienced another attack.


Ransomware attacks have been on the rise worldwide in recent years, with a new record in March that included a demand for a payment of $50 million. Besides the increase in the frequency of ransomware attacks, their level of sophistication and the damage they inflict have increased as well. It is estimated that there is currently a ransomware attack on an organization every 11 seconds, with the losses from ransomware attacks worldwide expected to reach $20 billion this year.

This week, cyber defense company Cybereason published the findings of its extensive study of the results and real costs of ransomware attacks. The survey was conducted among workers at more than 1,200 organizations worldwide, including technology (44%), manufacturing (16%), financial sector (11%) and healthcare companies, as well as government institutions, legal institutions and more. The following are the main findings.

Influence of ransomware attacks on organizations:

  • 66% of the organizations experienced a loss in revenue. 
  • 53% of participants in the survey reported damage to the image of the company and the brand.
  • 32% of organizations were forced to fire senior managers or experienced a wave of resignations.
  • 29% of the organizations were forced to lay off employees.
  • 25% of the organizations were forced to close the business altogether.
  • 42% of participants in the survey said that insurance companies did not cover all the losses caused as a result of ransomware attacks. 

Worker faith in the organization: 

  • 81% of the participants in the survey said that they are concerned about the dangers of a ransomware attack against their organization.
  • 73% of participants in the survey said their organization has an effective policy for managing a ransomware attack crisis.
  • 60% of participants in the survey have faith in the professionalism and effectiveness of the security staff at their organization. 

Payment of ransom:

  • 80% of the organizations that decided to pay the ransom experienced a second ransomware attack, some of them even by the same attack group.
  • 46% of the organizations that paid the ransom did not receive all of their data back.  

How many companies paid the ransom, and what was the result?

Many security experts advise against paying the ransom for several reasons, among them the aim of eliminating the phenomenon and the understanding that paying does not ensure the recovery of all the stolen data and does not prevent similar attacks against the organization in the future. However, 60% of those surveyed said that their organization chose to meet the attacker's demand and pay the ransom.

The survey found that the majority of ransomware demands were in the range of $350,000 to $1.4 million. In addition, it appears that 46% of the organizations that were attacked and chose to pay the ransom did not get back all of their data, and 80% of the organizations said that they were attacked again, even by the same threat actors.  

Whether the organizations chose to pay the ransom or not, the huge damage does not end there. Many of those surveyed said that dealing with the consequences of the attack is very complex and expensive. 44% reported that their businesses suffered significant damage including loss of income, serious damage to the image of the organization, unplanned reduction of manpower and even closure of the business altogether. In addition, insurance coverage does not ensure that organizations recover all of their losses.    

Which organizations were most frequently targeted by attackers?

The results of the survey show that the bigger an organization is, the more vulnerable it is to ransomware attacks, with organizations with 100 workers or more as the main targets. Besides the size of the organization, it appears that an additional factor influencing the frequency of attacks is the sector to which the organization belongs. According to the results of the survey, those who reported the largest number of cyberattacks against their organizations belong to the financial, manufacturing and retail sectors. 

Also, 49% of the workers belonging to the financial sector said that their organizations experienced a ransomware attack over the past year and were hit hard by it. This is a surprising finding because the financial sector is among the most strictly regulated groups of organizations, which tend to invest more in security technologies. This statistic may indicate that organizations tend to invest in traditional defense systems that are not in line with the sophisticated attacks of today.

Implementation of security systems

According to the results of the poll, security systems that defend against attacks on individual workers (automatic scanning of emails and browsers, traditional antivirus and training of workers) are implemented more widely than defense systems that protect against malicious activity in the organizational network (EPP systems, next-generation antivirus (NGAV), XDR platforms, etc.). This statistic indicates a perception gap among many organizations facing cyberattacks in general and ransomware in particular, which is becoming more advanced from year to year.

An additional statistic emphasizes the importance of these systems: among organizations that faced ransomware attacks that did not succeed in breaching or causing damage to the organization, over 50% hired external security services or had modern defense systems that defend the organizational network and endpoints in the organization (NGAV, EPP, SOC).