Cybereason, a Boston-based cybersecurity company, has released findings from a global ransomware study revealing that more than half of organizations have been the victim of a ransomware attack, and that 80 percent of businesses that chose to pay the ransom.
The report, entitled “Ransomware: The True Cost to Business,” added that of the organizations who opted to pay a ransom demand in order to regain access to their encrypted systems, 46 percent reported that some or all of the data was corrupted during the recovery process.
The report also indicates that 66 percent of organizations reported significant loss of revenue following a ransomware attack, and that 35 percent of businesses that paid a ransom demand shelled out between $350,000-$1.4 million, while 7 percent paid ransoms exceeding $1.4 million.
Fifty-three percent of organizations indicated that their brand and reputation were damaged as a result of a successful attack. Thirty-two percent of organizations reported losing C-Level talent as a direct result of ransomware attacks, and 29 percent reported being forced to lay off employees due to financial pressures following a ransomware attack. Furthermore, 26 percent of organizations reported that a ransomware attack forced the business to close for some period of time.
“Ransomware attacks are a major concern for organizations across the globe, often causing massive business disruptions including the loss of income and valuable human resources as a direct result. In the case of the recent Colonial Pipeline ransomware attack, disruptions were felt up and down the East Coast of the United States and negatively impacted other businesses who are dependent on Colonial’s operations,” said Chief Executive Officer and Co-founder of Cybereason, Lior Div.
“Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organization again, and in the end only exacerbates the problem by encouraging more attacks,” Div added. “Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organizations to stop disruptive ransomware before they can hurt the business.”
The research, conducted in April of 2021, surveyed 1,263 cybersecurity professionals, with participants from the United States, United Kingdom, Spain, Germany, France, United Arab Emirates, and Singapore. Major industry verticals covered in the research include the Technology, Manufacturing, Financial Services, Retail, Healthcare, Automotive, Legal and Government sectors.
These findings underscore why it does not pay to pay ransomware attackers, and that organizations should focus on early detection and prevention strategies to end ransomware attacks at the earliest stages before critical systems and data are put in jeopardy.