554 IT Industry Professionals completed an Industry Survey on the impact of Ransomware in 2023. Here are the results.
The Impact of Ransomware in 2023
We talk a lot about ransomware attacks within our own organizations—how to prepare for them, what to do when they happen, and the best way to stop the overall threat. While an ever-popular question is “should we pay the ransom?” (which most said they are unlikely to), there are so many other highly impactful aspects to ransomware preparedness and response. We surveyed more than 500 IT and security professionals to look at the impact of ransomware in 2021 and 2022 to begin to answer that question.
We Take Ransomware Seriously
In short: The vast majority of respondents appreciate the gravity of the ransomware threat, and know that it’s likely to stay the same, or increase, given that more than one-third of respondents have experienced a ransomware event.
More, Or Less Risk In 2023?
More than 80% of respondents believe that their organization is at the same or higher risk of being a target for a ransomware attack in 2023 as compared with 2021 and 2022. It’s good to see that the threat is being taken seriously.
A Real Threat?
More than 80% of respondents believe ransomware is a significant threat to their organizations.
"C-Suite" & Ransomware
And the majority consider executives at their organizations to be somewhat informed to well-informed about the threat ransomware poses.
Departmental Impact
Respondents identified operations (26%) and their organization’s reputation and customer trust (35%) as the top two areas that would be most negatively impacted by a ransomware attack. The exact cost of reputational damage can be hard to quantify, although BitDefender found that businesses can lose half their customer base after a data breach. And stalled operations will likely mean downtime, which can be extremely costly—in 2020, downtime cost American businesses $20.9 billion USD.
The Length of Disruption Varies.
Many expect that getting back to business as usual would take hours (29% of respondents); 52% expect it to take days, while others think the length of time would be closer to weeks (14%) or months (3%). Longer disruptions will of course carry bigger costs, but even in the best-case scenario, the downtime and financial impact will be significant.
Good News
The good news is that most organizations are aware of the dangers now. Many respondents believe that those in their organization understand the threat or that communicating it is becoming easier.
Understanding The Threat
Since almost everyone, especially corporate decision makers, now “gets” ransomware, obtaining corporate approval to purchase solutions should not create the kind of challenges that spending on IT initiatives often involves.
We Think We're Prepared ... But Are We?
Overall, the majority of respondents rated their company’s level of preparedness for a ransomware attack highly, giving it a score of at least 7 out of 10.
Confidence Is High
In addition, nearly 80% of respondents scored their confidence that their data storage strategy is ransomware-proof at a 6 out of 10 or higher. While many respondents believe their backup strategy is moderately to highly ransomware-proof, those that do not should invest in creating a ransomware-resistant backup strategy that will be both reliable and usable in the event of an incident. It’s important to be able to rely on these backups to help reduce downtime and data loss, and get operations back to normal as quickly as possible.
Taking DR & IR Seriously
Further, a majority have disaster recovery (DR) or incident response (IR) plans in place.
And 60% say their organization dedicates sufficient resources to implementing security measures and educating those within their organization on them.
Warning Signs
But a closer look also exposes areas of concern. Approximately 40% of those with DR and IR plans do not update them regularly, or the plans are undocumented. This could prove risky during an actual ransomware attack, in which there are many different groups from both inside and outside the organization involved, all of whom may have different priorities, needs, and understandings of “what needs to happen.” It’s great that so many respondents have a DR and IR plan, and working to keep these plans updated and documented as much as possible will further improve their utility if they’re needed. If you do not have such plans, consider implementing them, with appropriate documentation and a schedule for how and when they should be updated.
When The Worst Happens
If an attack does occur, only about 56% of respondents have an IR team on retainer (or the ability to respond themselves) and cyber insurance, potentially leaving the other 44% without key aspects of their response squared away ahead of time. Consider whether cyber insurance or outside help will benefit your organization should a ransomware attack occur. Explore whether it makes sense to get an IR team on retainer, outside legal counsel, or negotiators, and in the event of an incident, listen to them!
Prep Takes Time
When asked how many hours per month are spent on ransomware preparedness, threat hunting, or incident response, 60% said between 0 and 4 hours. Here, there’s certainly an opportunity for companies to improve their level of preparedness against ransomware attacks. But that often requires buy-in at the highest levels of the organization to ensure resources like time, money, and personnel can be dedicated to the task. Where possible, look to increase the time your organization devotes to IR planning, threat hunting and ransomware preparedness. Consider working through tabletop exercises to walk through how key teams in the organization will work together during the ransomware attack and resulting response. This can involve your IT team, security team, and maybe senior leadership, PR, or HR teams within the organization—basically, anyone who will be involved in the real event should participate in this one.
So What Do We Do About Ransomware?
While 13% of respondents believe nothing can be done to stop the scourge of ransomware, 45% of respondents believe that “better defenses” are the most effective step, followed by more public/private partnerships (20%) and cryptocurrency regulation (9%).
What Next?
Ransomware is unlikely to go away, but implementing better defenses at our organizations can certainly help mitigate the threat. For additional ideas on how to augment defenses, check out “How to Prevent Ransomware”.