Ransomware attacks in 2023 were analyzed in a recent report by Cohesity. According to the report, 79% of respondents said their company had been the ‘victim of a ransomware attack’ between June and December. The cyber threat landscape is expected to get even worse in 2024, according to the report, with 96% of respondents saying the threat of cyberattacks to their industry will increase this year and 71% predicting it will increase by more than 50%.

Seventy-eight percent of respondents said their data security risk has now increased faster than the growth in the data they manage. Respondents also believe organizations’ cyber resilience and data security strategies are not keeping up with the current threat landscape, with 21% having full confidence in their company’s cyber resilience strategy and its ability to ‘address today’s escalating cyber challenges and threats.

According to respondents, every company has cyber resilience and business continuity challenges:

• All respondents said they need over 24 hours to recover data and restore business processes.
• 7% said their company could recover data and restore business processes within 1-3 days.
• 35% said they could recover and restore in four to six days, while 34% need 1-2 weeks.
• 23% need over 3 weeks to recover data and restore business processes

Twelve percent said their company had stress-tested their data security, data management and data recovery processes or solutions in the six months prior to being surveyed, and 46% had not tested their processes or solutions in over 12 months.

Ninety-four percent of respondents said their company would pay a ransom to recover data and restore business processes, while 5% said ‘maybe, depending on the ransom amount. Sixty-seven percent said their company would be willing to pay over $3 million to recover data and restore business processes, with 35% of respondents saying their company would be willing to pay over $5 million. The research also showed the importance of being able to respond and recover, as nine in 10 said their organization had paid a ransom in the prior two years, despite 84% saying their company had a ‘do not pay’ policy.

Respondents identified executive awareness and responsibility for data security as two areas for companies to improve, with 35% saying their senior and executive management fully understands the ‘serious risks and daily challenges of protecting, securing, managing, backing up, and recovering data.’ Four in five said executive management (C-Level) and boards should share the responsibility for their company’s data security strategy, while 67% said their company’s CIO and CISO, in particular, could be better aligned.