CBI Report: 80% of Companies Impacted by Ransomware Despite $6 Million Average Annual Spend to Fight It
Companies lack confidence in their security controls, and the lack of a ransomware mitigation strategy has led to a temporary shutdown for 45% of impacted companies
FERNDALE, Mich., Feb. 23, 2022 /PRNewswire-PRWeb/ -- Today, CBI released a new research report, "The Cost & Consequences of Ransomware for Small to Large-sized Enterprises," with research conducted by the Ponemon Institute and sponsored by Check Point.
The report, based on a survey of IT and security professionals, takes a comprehensive look at companies' ransomware strategies and mitigation tactics and the operational impact of incidents. Eighty percent of companies surveyed have experienced a ransomware attack, despite spending an average of $6 million annually on ransomware mitigation resources.
The report uncovered other significant takeaways relating to organizations' approaches to and experiences with ransomware incidents:
- Only 32% are confident in their security controls, indicating the need to use more effective approaches to prevent ransomware attacks
- 75% are concerned about the ransomware risks posed by third parties, but only 36% of organizations evaluate their third parties' security and privacy practices
- The average ransomware payment is approximately $1 million
"Ransomware incident preparedness and mitigation remains one of the biggest challenges facing organizations regardless of their size, but it doesn't mean it has to be one of the biggest budget allocations. Organizations need to gain confidence in their approaches, technologies, personnel and tactics. Part of building that confidence is admitting where there are gaps and collaborating with strong partners to fill those gaps," says Shaun Bertrand, CSO at CBI.
The report found that companies are spending $170,000 per ransomware incident on staffing alone, with an average of 14 staff members each spending 190 hours on containment and remediation activities. The report also uncovered a significant lack of trust in the ransomware alerts respondents receive, as nearly one out of two weekly alerts is considered unreliable.
Paying the Ransom
Fifty-three percent of companies that experienced an attack paid the ransom. The most common reason given for paying the ransom was to avoid operational downtime. Of those that did not pay, 39% said they did not pay because they had an effective backup strategy. However, 55% of organizations felt that full and accurate data backups are not enough to properly mitigate a ransomware incident, likely because, in 41% of cases, sensitive data was also exfiltrated during the attack.
Ransomware Attacks Continue Diversifying
Organizations' attack surfaces are continuing to evolve and expand, leading to more diversified attacks and concerns about attack frequency and preparedness. Sixty-seven percent of respondents acknowledge that their company's IoT device usage increases their risks of ransomware. While companies understand the seriousness of ransomware attacks, only 33% are highly confident in their companies' response ability.
Larry Ponemon, Ph.D., Chairman and Founder of Ponemon Institute, noted, "The cost per incident will continue to increase, and the types of attacks will continue to evolve. What's most striking is the vast majority of organizations are not doing enough to evaluate the security of their third parties. These findings should be a wakeup call and motivate organizations to evolve their ransomware mitigation playbooks."
Download the full report here and register for our upcoming webinar on March 3, 2022, at 2:00 p.m. ET
About CBI
CBI is a leading cybersecurity advisor to many of the world's top tier organizations. Founded in 1991, CBI provides innovative, flexible and customizable solutions that help ensure data is secure, compliant and available. We engage in an advisory-led approach to safeguard our clients against the ever-changing threat landscape—giving them comprehensive visibility into their entire security program and helping them avoid cyber challenges before they can impact their data, business and brand. We are dedicated to the relentless pursuit of mitigating risks and elevating corporate security for a multitude of industries and companies of all sizes.
About Ponemon Institute
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. is a leading provider of cyber security solutions to governments and corporate enterprises globally. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and other types of attacks. Check Point offers multilevel security architecture, "Infinity" Total Protection with Gen V advanced threat prevention, which defends enterprises' cloud, network and mobile device held information. Check Point provides the most comprehensive and intuitive one point of control security management system. Check Point protects over 100,000 organizations of all sizes.
Media Contact
Erica Stuchel, W2 Communications, 1 609-385-7655, [email protected]
SOURCE CBI