A recent International Data Corporation (IDC) survey found that more than one-third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months.

Joseph Carson, chief security scientist and Advisory CISO at ThycoticCentrify, a Washington D.C.-based provider of cloud identity security solutions, says, “Organizations of all sizes must take ransomware extremely seriously as it will continue to be the largest of cyber threats. Ransomware continues to be very costly for many organizations - the price you pay for not being prepared is growing. It only takes one employee with local admin privileges to click on a malicious email attachment to take down an entire company. By ensuring that a comprehensive system for monitoring and controlling privileged access credentials is in place, organizations can greatly lower the success rate and risks of a ransomware attack. If attackers gain initial access to a network, they’ll begin to look for ways to escalate their privileges to compromise a network and spread the attack fully. Privileged access management tools can slow that spread and keep ransomware contained at its inception point (e.g., a single endpoint or set of credentials).”

Key findings from the survey include the following:

  • The incident rate was notably lower for companies based in the United States (7%) than the worldwide rate (37%).
  • The Manufacturing and Finance industries reported the highest ransomware incident rates, while the Transportation, Communication, and Utilities/Media industries reported the lowest.
  • Only 13% of organizations reported experiencing a ransomware attack/breach and not paying a ransom.
  • While the average ransom payment was almost a quarter-million dollars, a few large ransom payments (more than $1 million) skewed the average.

Greater awareness of ransomware incidents has prompted organizations to undertake a variety of actions in response. These include reviewing and certifying security and data protection/recovery practices with partners and suppliers, periodically stress-testing cyber response procedures, and increased threat intelligence sharing with other organizations and government agencies. Greater incident awareness has similarly prompted requests from boards of directors to review security practices and ransomware response procedures.

“Returning to normal operations after a ransomware attack is a daunting project. Organizations require clarity over which systems and data were impacted before rebuilding operational systems can start. Cyber insurance brings experts at every step of the process: from a breach coach and forensic experts who will clarify the scope of the incident and negotiate the ransom to resources that accelerate rebuilding systems to full capacity,” says Jack Kudale, founder and CEO of Cowbell Cyber, a Pleasanton, Calif.-based provider of AI-powered cyber insurance for SMBs. “The role of the insurers must go beyond response and recovery to include education and prevention. For example, organizations need cyber policies bundled with complementary cybersecurity training for all insured employees. This will eliminate one of the basic root causes of many ransomware attacks: employees clicking on a phishing email.”

Analysis of the survey results also showed that organizations that are further along in their digital transformation (DX) efforts were less likely to have experienced a ransomware event. These organizations have committed to a long-term DX investment plan with a multi-year approach tied to enterprise strategy.

Scott Devens, CEO at Untangle, a San Jose, Calif.-based provider of comprehensive network security for SMBs, says cybercriminals are becoming more emboldened and turning their focus to ransomware attacks as a lucrative opportunity as companies continue to pay ransoms. “These malicious actors are also moving away from holding data hostage and zeroing in on targeting critical infrastructure that can disrupt society. The shift comes as they realized they could get larger ransoms faster if their attack had the potential to cause severe consumer pain,” Devens says.

“This is leading companies to re-evaluate their IT security teams to add specific skills, such as mobile device management, digital forensics, malware prevention and others, as hybrid work continues and more IoT devices are brought onto networks. To defend against cyberattacks, network security professionals will also need to continually stay updated on new technology, educate all employees on the latest schemes, and implement policies such as zero-trust that may be unpopular with staff but are necessary to prevent attacks.”

The report, IDC’s 2021 Ransomware Study: Where You Are Matters!, presents findings from the Future Enterprise Resiliency & Spending Survey of nearly 800 IT decision-makers and influencers. The July 2021 survey focused on topics such as the board of directors, ransomware payments, size of the ransomware, number of ransomware payments, and the exfiltration of data.