Study Reveals 88% of Companies Experienced a Ransomware Attack Last Year

A recent survey conducted by the Ponemon Institute on behalf of Illumio, a zero-trust segmentation platform provider, revealed that 88% of surveyed organizations had experienced one or more ransomware attacks in the past 12 months, highlighting the extent to which ransomware groups are running riot and the difficulty organizations have defending against attacks. The survey was conducted on 2,547 IT and cybersecurity professionals in the United States, United Kingdom, Germany, France, Australia, and Japan, including 7% of respondents from the healthcare and pharmaceutical sectors. The findings of the survey were published in Illumio's *Global Cost of Ransomware Report*.

On average, organizations spent almost one-third of their IT budget on ransomware defense, yet 88% still experienced a ransomware attack, showing that what matters is not how much money is devoted to ransomware defense but how that money is spent. Multifactor authentication, automated patching, intrusion prevention/detection systems, email security, and segmentation/micro-segmentation were the most common cybersecurity controls used to combat ransomware. While AI can help combat ransomware attacks, only 42% of organizations use AI as part of their defense strategy. Of those that do, 46% said it improves SecOps efficiency, 44% said it detects ransomware activity, 42% said it prevents ransomware from being deployed, and 41% said it helps them to respond to and resolve ransomware incidents.

Despite the high percentage of organizations experiencing at least one ransomware attack, 54% of respondents were confident their ransomware defenses are effective, and 47% of respondents had confidence that their third-party suppliers have implemented privacy and security practices to reduce the risk of a data breach.
Organizations were less confident in the ability of their employees to identify phishing and social engineering attempts, which is a concern since phishing is the most common way ransomware groups gain initial access to networks. Phishing was identified as the initial access vector by 45% of respondents, followed by RDP compromise (32%) and exploitation of software vulnerabilities (19%). While vulnerabilities are only exploited for initial access in around one-fifth of ransomware attacks, they are commonly exploited post-compromise for lateral movement. 52% of respondents said systems with unpatched vulnerabilities were targeted, 47% said weak passwords were exploited, and 35% said the threat actor exploited local administrator weaknesses.

In 47% of attacks, the threat actor exfiltrated data and used it as leverage to pressure the victim into paying the ransom, 45% of victims were hit with DDoS attacks, and 34% of attacks saw the threat actor contact stakeholders and customers. Many threat actors are now dropping file encryption, as data theft and threats to leak data are often enough to get victims to pay up. Only 34% of attacks involved data encryption.

Ransomware attacks result in costly downtime, which is often the biggest cost associated with an attack. 58% of organizations said they were forced to shut down operations, with 40% suffering significant revenue loss and 35% suffering brand damage. On average, the time taken to contain and remediate the biggest attack was 132 hours, with 17.5 staff/third parties involved, and an average overall cost of $146,685. In 2021, when the survey was last conducted, the average containment/remediation time was 190 hours, involving 14 staff at an average cost of $168,910.

In 2024, the average ransom demand was $1.2 million, and 51% of victims admitted to paying the ransom demand.
The most common reasons for paying the ransom were data leak prevention (47%), avoidance of downtime (47%), cyber insurance coverage (41%), and all of the above (40%). The 49% of victims who didn't pay the ransom said the main reasons for not paying were encryption/theft of non-critical data (49%), backups were not encrypted, allowing data recovery (48%), it was company policy not to pay ransoms (47%), a lack of trust that decryption keys would be provided (46%), and advice from law enforcement not to pay the ransom (40%). Paying a ransom does not guarantee the recovery of data. Only 13% of victims were able to recover all encrypted data, 40% said the ransom was paid but data was still leaked, and 32% said additional payments were demanded or they were threatened with further attacks. It is no surprise, given these figures, that 51% of respondents said they now have a policy of not paying ransom demands.

The advice of the Federal Bureau of Investigation (FBI) is to never pay a ransom, but regardless of the ransom payment decision, victims should promptly notify the FBI about an attack. The survey revealed only 28% of victims notified law enforcement about an attack. The reasons provided were the avoidance of unwanted publicity (39%), a short payment deadline (38%), retaliation fears (38%), and the extortion demand was not exorbitant (24%).

The post [Study Reveals 88% of Companies Experienced a Ransomware Attack Last Year](https://www.hipaajournal.com/cost-of-a-ransomare-attack-study-2024/) appeared first on [The HIPAA Journal](https://www.hipaajournal.com).
