Almost 70% of CISOs expect a ransomware attack

Many companies are willing to make ransomware payments in the face of the growing threat

Fears over ransomware attacks are worsening, according to a survey of CISOs released this week. 

Security knowledge-sharing group CISOs Connect surveyed its CISO members for the Ransomware in Focus report, quizzing them on their ransomware experiences. They represented companies of all sizes. 

The survey responses indicated that the ransomware problem will get worse before it gets better. Of the CISOs surveyed, 69% expect to be hit by a ransomware attack in the coming year, up from 53% who were hit with ransomware attacks last year. 

The survey also showed that even companies hit by a ransomware attack aren't that good at plugging holes in their defenses, with almost a quarter (23.8%) reporting they were hit multiple times last year. 

Midsize companies are a more likely target, with companies employing 1,000 to 4,999 people suffering the highest rate of attacks at 67.5%. Companies employing 10,000 to 25,000 people suffered the next highest rate at 62.2%. 

Smaller companies were less likely to be hit, but the odds were still high, as 20% of organizations employing fewer than 100 people suffered an attack. 

Manufacturing was the highest-hit sector, with 81.3% of respondents in that sector getting hit, followed by telecoms and technology at 79.3%. Professional services suffered the lowest rate of attacks at a still-concerning 43.5%. 

Ransomware payments are one of the least concerning things for CISOs when considering attacks. The hard cost of paying the ransom was the second-last concern among 11 issues raised. Instead, they're primarily worried about sensitive data exposure, followed by the cost of returning to normal operations, and the potential loss of revenue from disruption. 

Payment figures bear this out, with 65% of companies that suffered a successful attack paying the ransom. Only 55% of those payers got all their data back. Most of the rest only got some of their data. 

In spite of the low success rate, many companies would still pay up. The survey found 35.6% likely to pay a ransom if they were hit in the next year, with another 25% reporting a 50-50 chance that they'd hand over the money. 

Some companies (15%) have even prepared a Bitcoin reserve for such an event, while another 17% retained a cryptocurrency broker that could access digital coins if necessary. 

Just over seven in ten organizations had an incident response plan to cope with a ransomware attack. One surprising statistic from the report was that only 60.7% of respondents felt they had good data backup and recovery technology. Another 23.5% had some solution but wanted an upgrade, while 14.2% of organizations had no backup solution at all but planned to add one, and 1.6% had no plans to add one.
