Ransomware attacks: many organizations under-estimate the cost of recovery

Published: Thursday, 04 August 2022 06:50

Ransomware attacks show no sign of slowing and organizations often under-estimate the cost of recovery, according to a new research report, ‘2022 Impacts: Ransomware attacks and preparedness’, published by Menlo Security. A recent survey for the report found that a third of organisations experience a ransomware attack at least once a week, with one in 10 experiencing them more than once a day.

The research, conducted among 505 IT security decision makers at US and UK organizations with more than 1,000 employees, highlights the impact this is having on security professionals’ own wellbeing. When asked what keeps them awake at night, 41 percent of respondents say they worry about ransomware attacks evolving beyond their team’s knowledge and skillset, while 39 percent worry about them evolving beyond their company’s security capabilities.

Their biggest concern, however, is the risk of employees ignoring corporate security advice and clicking on links or attachments containing malware (46 percent). Respondents worry more about this than they do their own job security, with just a quarter (26 percent) of respondents worried about losing their job.

According to the report, around half of organizations (61 percent US and 44 percent UK) have been the victim of a successful ransomware attack in the last 18 months, with customers and prospects the most likely entry point for an attack. Partners/suppliers and employees/contractors are also seen as serious security risks, although one in 10 admit they are unable to identify how the attacks got in. The top three ransomware attack vectors are email (54 percent), web browsers via a desktop or laptop (49 percent) and mobile devices (39 percent).

Cost of recovery from ransomware attacks underestimated

The report also suggests that there is a growing disparity between the perceived cost and actual cost of recovering from a ransomware attack among security professionals. The survey shows that the average estimated cost is $326,531, with insurance payouts extending up to an average of $555,971 – although a significant minority (24 percent) admit they don’t know the value of their insurance policy or if they have cover. Industry figures, however, show the average total cost of recovery from a ransomware attack in 2021 was $1.4 million.

Ransomware demands – to pay or not to pay?

There is also some debate about whether to pay a ransomware demand or not. One in three (32 percent) decision makers worry about the risk of paying a ransomware demand and not getting their data back. Yet nearly two-thirds of respondents would pay a ransomware demand. Almost a third (31 percent) say it’s down to their insurance company to pay it, and nearly one in five say the government should pay. More than a quarter (27 percent) of respondents say they would never pay a ransomware demand.

Ransomware incident response

Less than half (45 percent) of survey respondents implement a data backup or recovery plan as the first step in the event of a ransomware attack. While 37 percent inform their employees about an attack and 33 percent tell customers, only 29 percent will contact the CEO or Board in the first instance. One in 10 admit they don’t know what step one is.

More details.