A third of organizations experience a ransomware attack at least once a week, with one in 10 experiencing them more than once a day, according to a new report by Menlo Security.
The report also suggested almost half of the organizations surveyed have been the victim of a successful ransomware attack in the last 18 months, with customers and prospects the most likely entry point for an attack.
For context, the research took into consideration the responses of more than 500 IT security decision-makers at US and UK organizations with more than 1000 employees.
In terms of main worries related to cyber-attacks, respondents said their biggest concern was the risk of employees ignoring corporate security advice and clicking on links or attachments containing malware (46%).
Also, 41% of respondents mentioned ransomware attacks evolving beyond their team’s knowledge and skillset, while 39% said they mainly worried about them evolving beyond their company’s security capabilities.
“Security professionals are coming under increasing pressure as organizations face an unprecedented number of highly sophisticated threats like ransomware,” explained Mark Guntrip, senior director of cybersecurity strategy at Menlo Security.
“On the frontline of cyber defense, they are often coping with huge amounts of stress, worrying about what employees are doing, their team and whether they are getting the right support internally, so it’s no surprise they are prioritizing the business over job security.”
Further, the Menlo report suggests a disparity between the perceived and actual cost of recovering from a ransomware attack, with the average estimated cost being $326,531, while the actual, average total cost of recovery from a ransomware attack in 2021 was estimated at $1.4 million.
Finally, the survey indicated uncertainty regarding whether a ransom should be paid or not, with two-thirds of respondents saying they would pay a ransomware demand, 31% saying their insurance company should pay it and nearly one in five saying the government should pay.
Also, more than a quarter (27%) of respondents said they would never pay a ransomware demand.
“Paying a ransomware demand depends on your level of preparedness – do you have the right processes and strong backup in place? If so, you won’t need to pay it,” said Guntrip.
“If, however, your organization is unable to function as normal, access data or the damage is likely to bring down the business, that’s when you need to re-evaluate your options.”
The full text of the Assessing ransomware readiness in 2022 report is available here.