Only half of firms retrieve data after ransomware payments
US firms paid biggest ransom followed by Germany, France and then UK
The largest share of cyberattacks breached organisations’ networks through their supply chain, according to US-based cybersecurity firm Cybereason. It found that 41% of breaches came through a supply chain partner, 24% through direct network access and 22% with help from an insider.
Publishing a survey of more than 1,000 cybersecurity IT professionals in the UK, US, France and Germany across different industries, Cybereason says all organisations had been breached in the past 24 months while 56% reported more than one ransomware attack.
More than half did not detect a breach for three to 12 months.
Cybereason found that 84% of survey respondents paid ransoms to attackers, but only 47% of these retrieved their data and had their services uncorrupted. Some 78% were asked to pay again, with 63% revealing they were asked to pay more the second time. The poll uncovers that 82% of companies were attacked again within a year and 36% fell victim to the same actor.
“These findings emphasise why it does not pay to pay ransomware attackers, and organisations should instead focus on detection and prevention tactics to end ransomware attacks before material damage occurs,” the report says.
US firms surveyed paid the highest ransoms, averaging $1.4m, followed by French companies at $1m. German firms paid an average $762,000 and UK firms $423,000.
The True Cost to Business Study 2024 finds that 87% of firms increased their investment in cybersecurity after an attack, but just 41% say they have the right people and right plan to manage the next attack.
Greg Day, global field CISO at Cybereason, says businesses are leaving themselves exposed to the risk of cyberattack. “While most businesses have a ransomware strategy in place, many are incomplete. They’re either missing a documented plan, or the right people to execute it. As a result, we see that many organisations are paying the ransom.”
The report finds that almost all respondents have cyber insurance in place, but only 40% are sure a ransomware attack would be covered. About half of organisations that claimed on their policy recovered the full costs.
“While many have cyber insurance, too many simply don’t know if, or to what degree, it covers them for ransomware attacks. This is problematic on several levels. It’s no guarantee that attackers won’t sell your data on the black market, that you’ll even get your full files and systems back, or that you won’t be attacked again,” Day says.
Cybereason’s poll finds 46% of organisations estimate business losses from a cyberattack totalled $1m to $10m, while 16% estimate their losses exceeded $10m.