A new Cybereason survey found that more than four out of five respondents from various business sectors – some 81% – said they are “highly” or “very concerned” about the risk of ransomware attacks.
The survey’s authors said the response underscores what a pervasive threat ransomware has become and that the security industry must respond with urgency to address the dramatic increase in ransomware cases.
The Cybereason research found that the vast majority of organizations experienced significant business impact because of ransomware attacks, including loss of revenue and damage to the organization’s brand, unplanned workforce reductions, and even having the business close down altogether.
A ransomware attack occurs against a business every 11 seconds on average, according to recent estimates, with global ransomware damage losses projected to reach $20 billion this year. The FBI reported an increase of more than 225% in total losses from ransomware in the U.S. in 2020 alone.
And there’s major risk in paying a ransom: The study found that the majority of organizations that chose to pay ransom demands in the past were not immune from subsequent ransomware attacks, often by the same threat actors. Some 80% of respondents who paid a ransom say they experienced a subsequent attack. In addition, having cyber insurance coverage in place does not guarantee an organization can recoup losses associated with a ransomware attack.
Click here to register for an upcoming CISO roundtable from Cybereason, in partnership with Cybersecurity Collaborative: Ransomware attacks and the true cost to business
Ransomware attacks can negatively impact an organization in a variety of ways, with combined losses potentially reaching tens or even hundreds of millions of dollars. A solid majority of survey respondents – 66% – reported significant revenue loss from a ransomware attack. Short-term impacts can include disruption of critical business operations because of the inability to access data, costs associated with incident response and mitigation efforts, interruption of system processes, lost productivity, and the ransom payment itself. Longer term impacts can include diminished business revenue, damage to the brand reputation, loss of top executives and employee layoffs, and loss of customers and strategic partners.
The Cybereason study also breaks down how ransomware has impacted revenue loss and layoffs by the following industry verticals: automotive, financial services, government, healthcare, legal, manufacturing, and retail.