IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Almost 70% of CISOs expect a ransomware attack

Many companies are willing to make ransomware payments in the face of the growing threat

Fears over ransomware attacks are worsening, according to a survey of CISOs released this week. 

Security knowledge-sharing group CISOs Connect surveyed its CISO members for the Ransomware in Focus report, quizzing them on their ransomware experiences. They represented companies of all sizes. 

The survey responses indicated that the ransomware problem will get worse before it gets better. Of the CISOs surveyed, 69% expect to be hit by a ransomware attack in the coming year, up from 53% who were hit with ransomware attacks last year. 

The survey also showed that even companies hit by a ransomware attack aren't that good at plugging holes in their defenses, with almost a quarter (23.8%) reporting they were hit multiple times last year. 

Midsize companies are a more likely target, with companies employing 1,000 to 4,999 people suffering the highest rate of attacks at 67.5%. Companies employing 10,000 to 25,000 people suffered the next highest rate at 62.2%. 

Smaller companies were less likely to be hit, but the odds were still high, as 20% of organizations employing fewer than 100 people suffered an attack. 

Manufacturing was the highest-hit sector, with 81.3% of respondents in that sector getting hit, followed by telecoms and technology at 79.3%. Professional services suffered the lowest rate of attacks at a still-concerning 43.5%. 

Ransomware payments are one of the least concerning things for CISOs when considering attacks. The hard cost of paying the ransom was the second-last concern among 11 issues raised. Instead, they're primarily worried about sensitive data exposure, followed by the cost of returning to normal operations, and the potential loss of revenue from disruption. 

Payment figures bear this out, with 65% of companies that suffered a successful attack paying the ransom. Only 55% of those payers got all their data back. Most of the rest only got some of their data. 

In spite of the low success rate, many companies would still pay up. The survey found 35.6% likely to pay a ransom if they were hit in the next year, with another 25% reporting a 50-50 chance that they'd hand over the money. 

Related Resource

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

2021 state of email security report: Ransomware on the rise - whitepaper from MimecastFree download

Some companies (15%) have even prepared a Bitcoin reserve for such an event, while another 17% retained a cryptocurrency broker that could access digital coins if necessary. 

Just over seven in ten organizations had an incident response plan to cope with a ransomware attack. One surprising statistic from the report was only 60.7% of respondents felt they had good data backup and recovery technology. Another 23.5% had some solution but wanted an upgrade, while 14.2% of organizations had no backup solution at all but plan to add one, and 1.6% had no plans to add one. 

Featured Resources

How to hold more productive meetings

Tips and tricks to get the most out of your meetings

Free Download

Enabling the future of work with embedded real-time communication

A new dimension of human interaction is coming to digital work

Free Download

How to do hybrid work right

Overcoming challenges in the transition to hybrid work

Watch now

HCI 2.0 From HPE: How it can help your business thrive

Why SMBs need to accelerate digital transformation with HCI

Free download

Recommended

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022
Dell Technologies World 2022: Dell unveils security offerings for major cloud providers
public cloud

Dell Technologies World 2022: Dell unveils security offerings for major cloud providers

3 May 2022
How do you become an ethical hacker?
ethical hacking

How do you become an ethical hacker?

29 Apr 2022
What is phishing?
phishing

What is phishing?

29 Apr 2022

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
How full-stack observability can accelerate IT innovation
Sponsored

How full-stack observability can accelerate IT innovation

3 May 2022