Ransomware attacks continue to be on the rise – 66% of organizations surveyed in 2021 were hit, up from 37% in 2020. Ransom payments are also higher: In 2021, 11% of organizations said they paid ransoms of $1 million or more, up from 4% in 2020. The average ransom paid by organizations that had data encrypted reached $812,360.
These numbers stem from the latest State of Ransomware 2022 report by Sophos, based on a survey of 5,600 IT professionals in mid-sized organizations across 31 countries, conducted in January and early February 2022.
Source: State of Ransomware 2022, Sophos
The study has revealed an increasingly challenging threat environment, coupled by the growing financial and operational burden ransomware places on its victims. It also shed light on the relationship between ransomware and cyber insurance, as more organizations rely on their policies to help them recover – 83% of mid-sized organizations had cyber insurance that covers them in the event of a ransomware attack.
Cyber insurance has fast become another key component of a cybersecurity strategy, due to the everyday occurrence of cyber attacks and data breaches. While not a license to practice poor security, cyber insurance is an additional layer that almost always pays out – In 98% of incidents where the victim had cyber insurance that covered ransomware, the insurer paid some or all the costs incurred (with 40% overall covering the ransom payment).
Learn more: What is Cyber Insurance and does your business need it?
Research conducted by ThirdPartyTrust and BitSight confirms this trend: Ransomware has been the cause of more than half of cyber insurance claim losses in 2020, according to our own survey.
Ransomware has become increasingly easy for attackers to deploy as-a-service (RaaS). These attacks are not as resource intensive as others, and are highly profitable for cybercriminals. Which is why the overall risk of a ransomware attack is not likely to decrease in the foreseeable future, nor will the cost of recovery.
The average cost to recover from a ransomware attack in 2021 was $1.4 million. On average, it took one month to recover from the damage and disruption. 90% of organizations said the attack had impacted their ability to operate, and 86% of private sector victims said they had lost business and/or revenue because of the attack.
Source: State of Ransomware 2022, Sophos
How To Prevent a Ransomware Attack
Ransomware preparedness has become a board-level issue for most CISOs, and we’ve gathered the ten tips that we have found to be most effective here.
Cybersecurity is not a one-and-done effort, but a day-to-day risk management. Security measures also need to extend to your vendors, partners, suppliers, and any third-party member of your network. Having tools that provide deep insight into the risks and security performance of every member of your digital supply chain is critical.
ThirdPartyTrust can help by providing a one pane of glass risk dashboard, with end-to-end vendor risk assessment automation for making informed decisions about vendors, and continuously monitoring their security posture.
Let us show you how ThirdPartyTrust can help you control ransomware and other risks across your third party supply chain. Talk to an expert today.
The Impact of Ransomware in the Technology Sector
Our research report contains key findings for the Technology industry, so that your organization can avoid future ransomware incidents.
You will learn: which vulnerabilities are closely tied with ransomware campaigns, how to prevent them, and how can Technology professionals like you stay ahead.
