About a third of organizations worldwide have experienced ransomware attacks, according to the latest data from industry insights provider International Data Corp. (IDC). The attack either led to a data breach or blocked access to systems.
The IDC report reveals that the manufacturing and finance industries reported the highest ransomware incident rates, while the transportation, communication, and utilities/media industries reported the lowest rates. (The Sophos report, however, found that the education and retail sectors had the most ransomware attacks in the past year.)
“Ransomware has become the enemy of the day; the threat that was first feared on Pennsylvania Avenue and subsequently detested on Wall Street is now the topic of conversation on Main Street,” said Frank Dickson, program vice president, Cybersecurity Products at IDC. “As the greed of cyber miscreants has been fed, ransomware has evolved in sophistication, moving laterally, elevating privileges, actively evading detection, exfiltrating data, and leveraging multifaceted extortion.”
The IBM report found that the cost of a data breach reached a record high in 2020, during the pandemic, when work and school shifted online.
The report, “IDC’s 2021 Ransomware Study: Where You Are Matters!,” presents findings from the Future Enterprise Resiliency & Spending Survey of nearly 800 IT decision makers and influencers. The July 2021 survey focused on topics such as attention by the board of directors, ransomware payments, size of the ransomware, number of ransomware payments, and the exfiltration of data.
Average ransom payment
IDC found that only 13% of organizations that had a ransomware attack did not pay any ransom. While the average ransom payment was almost a quarter million dollars, a few large ransom payments (more than $1 million) skewed the average.
IDC said organizations have improved their security postures, proof of heightened awareness of the ramifications of a ransomware attack, not only in cost but also in brand reputation.
Analysis of the survey results also showed that organizations that are further along in their digital transformation (DX) efforts were less likely to have experienced a ransomware event. These are organizations that have committed to a long-term DX investment plan with a multi-year approach tied to enterprise strategy.