Ransomware attacks made headlines throughout 2022, from compromising K-12 student data to disabling healthcare networks. However, cyberattacks using the tactic have declined significantly over the past 12 months compared to the previous year, and fewer companies are paying ransoms. 

The 2022 State of Ransomware Report from Delinea and conducted by Censuswide surveyed 300 U.S.-based information technology (IT) decision-makers about the impact of ransomware on their organizations over the past year. The survey found that 25% of organizations were victims of ransomware attacks over the past 12 months, a 61% decline from the previous 12-month period, when 64% of organizations reported being victims. 

Furthermore, the number of victimized companies who paid the ransom declined from 82% to 68%, which could be a sign that warnings and recommendations from the FBI to not pay ransoms are being heeded. The survey found that larger companies are more likely to be victims of ransomware, as 56% of companies with 100 or more employees said they were victims of ransomware attacks.

In addition to the decrease in ransomware attacks, organizations seem to be allocating less for ransomware attacks. Budget allocations for ransomware are in decline, as only 68% of those surveyed said they are currently allocated budget to protect against ransomware versus 93% during the prior year. The number of companies with incident response plans also declined from 94% to 71%, and only half are taking proactive, proven steps to prevent ransomware attacks such as enforcing password best practices (51%) and using multi-factor authentication (50%).

More surveyed IT leaders specified that their companies lost revenue (56%) and customers (50%) compared to the previous year. Fewer organizations (43%) reported reputational damage as a result of being victims of a ransomware attack.

For more report information, click here.