Cyber resilience research commissioned by Cohesity, a pioneer in AI-powered data security, reveals the true cost of ransomware to finances and business operations and why overconfidence may be the cause.
The Cohesity Global Cyber Resilience Report 2024 surveyed over 3100 IT and Security decision-makers in eight countries on the impact of cybercrime and their abilities to withstand attack, showing an increase in threats and a trend towards ransom payments.
Cyber attacks
95% of UK respondents said cyber attacks were on the rise, and the incident data bears this out: more than half of UK respondents (53%) had fallen victim to a ransomware attack in 2023, a stark rise from the 38% of UK respondents who reported a ransomware attack in the previous year.
74% of UK respondents surveyed said they would pay a ransom to recover their data after an attack, and 59% of UK respondents had indeed paid a ransom in the previous year. Only 7% of UK respondents ruled it out, despite 2 in 3 (66%) having clear rules not to pay.
Ransom payment readiness
The readiness to pay a ransom reflects a mix of ignorance about, and overconfidence in, the ability to recover from a ransomware attack: 71% of UK respondents are confident in their company’s cyber resilience strategy and its ability to address today’s escalating cyber challenges and threats.
However, recovering from ransomware is far harder than paying a ransom and assuming the data will simply be decrypted and restored. This gap raises the question: are the cyber resiliency and recovery plans of those surveyed genuinely fit for purpose?
Logistical challenges and criminal liability
“Once again, we see a gap between expectation and reality in recovering from a cyberattack,” said James Blake, Global Head of Cyber Resiliency Strategy at Cohesity.
“We live in a ‘when’ not ‘if’ world, and it appears many IT and security professionals are confident in their ability to recover data only when they pay the ransom. Paying a ransom rarely results in the recovery of all data. It brings logistical challenges and potential criminal liability for paying sanctioned entities - not to mention rewarding criminals. It’s time to focus on resiliency and end the cycle.”
Costs of ransomware
The costs can be staggering: UK respondents paid an average of £870,000, with two respondents paying between £10 million and £20 million.
On a global basis, Cohesity’s data reveals that 5% of companies had paid upwards of £10 million, with one organisation surveyed admitting to having paid over £20 million in ransom. According to Chainalysis, ransom payments were estimated to amount to at least $1.1 billion in Bitcoin in 2023.
Incidents of ransomware attacks
The problem is not confined to the UK; in fact, the UK sits well below the global average. Cohesity’s global data revealed that 67% of respondents had fallen victim to a ransomware attack in the previous 12 months, with France the most affected at 86% of respondents.
Globally, a staggering 83% would pay the ransom. Again, France was the highest, with 97% of respondents admitting they would pay. Interestingly, the data shows a clear correlation between the countries most willing to pay a ransom and those reporting the highest incidence of ransomware attacks and the sharpest rise in cyber threats, although a survey of this kind cannot show which way the causation runs.
Consequences of paying a ransom
The trend towards relying on ransom payments also shows a disturbing ignorance both of the long-term effect of rewarding criminal gangs and of how little a payment guarantees about the immediate recovery of data following a ransomware attack.
Enabling gangs to profit from their crimes only exacerbates the problem by turning ransomware into a business, attracting more players, and allowing investments into resources, thereby increasing the threat.
Quality and reliability
Data also shows that only 4% of respondents recover all their data, and how much of the recovered data is usable is a complete lottery. It is also a logistical nightmare: the decryption keys and tools supplied by ransomware gangs are delivered through a rushed, haphazard process that is never engineered for quality or reliability.
Organisations often take months to recover and may not have patched the vulnerabilities or closed the initial access route the attackers used, leaving the way open for further ransomware attacks. On top of this, making a payment may be illegal in some cases, often voids insurance policies, and is ethically questionable.
Cyber resilience
Cyber resilience – defined as a company’s ability to recover its data and restore business processes after a cyberattack – remains a clear challenge: less than 2% of respondents could recover data and restore business processes within 24 hours; 1 in 4 (23%) could recover within 1-3 days; while 19% need anything from 3 weeks to 2 months.
This highlights another failure to test security and recovery sufficiently: just 70% of UK organisations surveyed had stress-tested their data security, management, and recovery processes in the previous 12 months, compared to a global average of 87%.
Data security or recovery capabilities
“Cyber resilience is critical because the incentive and motivation of attackers are so high, with attack surfaces incredibly vast, so a reliance on protective controls is unrealistic,” said James Blake. “Destructive cyberattacks severely disrupt an organisation’s ability to deliver its products and services, impacting revenue, reputation, their downstream supply-chain and customer trust.”
“This risk must be at the forefront of business leaders’ priorities, not just IT and Security leaders. Similarly, regulation and legislation should not be seen by companies as the ‘ceiling,’ but instead the ‘floor,’ in both developing cyber resilience and adopting data security or recovery capabilities.”
About the survey
The findings are based on a survey of 3139 IT and Security decision-makers (split as close to 50:50 between the two groups as possible) commissioned by Cohesity and conducted by Censuswide between 27.06.2024 and 18.07.2024.
The top five industries that respondents selected as best representing their company’s operations were IT & Telecommunications, Manufacturing, Financial Services (incl. Insurance), Banking & Wealth Management, and Hospitals & Healthcare. Censuswide abides by and employs members of the Market Research Society, follows the MRS code of conduct and ESOMAR principles, and is a member of the British Polling Council.