Cyber resilience research commissioned by Cohesity, a pioneer in AI-powered data security, reveals the true cost of ransomware to finances and business operations and why overconfidence may be the cause.

The Cohesity Global Cyber Resilience Report 2024 surveyed over 3100 IT and Security decision-makers in eight countries on the impact of cybercrime and their abilities to withstand attack, showing an increase in threats and a trend towards ransom payments.

Cyber attacks

95% of UK respondents said cyber attacks were on the rise, a fact supported by more than half of UK respondents (53%) having fallen victim to a ransomware attack in 2023. This is a stark rise from the 38% of UK respondents who reported a ransomware attack in the previous year.

74% of UK respondents surveyed said they would pay a ransom to recover their data after an attack, and 59% of UK respondents had indeed paid a ransom in the previous year. Only 7% of UK respondents ruled it out, despite 2 in 3 (66%) having clear rules not to pay.

Ransom payment readiness

The readiness to pay a ransom highlights a mix of ignorance and overconfidence in recovering from a ransomware attack: 71% of UK respondents are confident in their company’s cyber resilience strategy and its ability to address today’s escalating cyber challenges and threats.

However, recovering from ransomware is significantly more difficult than paying a ransom and assuming the data is simply decrypted and restored. This gap raises the question: are the cyber resiliency and recovery plans of those surveyed genuinely fit for purpose?

Logistical challenges and criminal liability

“Once again, we see a gap between expectation and reality in recovering from a cyberattack,” said James Blake, Global Head of Cyber Resiliency Strategy at Cohesity.

“We live in a ‘when’ not ‘if’ world, and it appears many IT and security professionals are confident in their ability to recover data only when they pay the ransom. Paying a ransom rarely results in the recovery of all data. It brings logistical challenges and potential criminal liability for paying sanctioned entities, not to mention rewarding criminals. It’s time to focus on resiliency and end the cycle.”

Costs of ransomware

The costs can be staggering: UK respondents paid an average of £870,000, with two respondents paying between £10 million and £20 million.

On a global basis, Cohesity’s data reveals that 5% of companies had paid upwards of £10 million, with one organisation surveyed admitting to having paid over £20 million in ransom. According to Chainalysis, ransom payments were estimated to amount to at least $1.1 billion in Bitcoin in 2023.

Incidents of ransomware attacks

The problem is not confined to the UK; in fact, the UK is well below the global average. Cohesity’s global data revealed that 67% of respondents had fallen victim to a ransomware attack in the previous 12 months, with France the most affected at 86% of respondents.

Globally, a staggering 83% would pay the ransom – again, France was the highest, with 97% of respondents admitting they would pay. Interestingly, the data shows a clear correlation between countries that would pay a ransom, and those reporting the highest incidents of ransomware attacks and an increase in cyber threats.

Consequences of paying a ransom

The trend towards relying on ransom payments also shows a disturbing ignorance both of the long-term effect of rewarding criminal gangs and of how data recovery actually proceeds in the immediate aftermath of a ransomware attack.

Enabling gangs to profit from their crimes only exacerbates the problem by turning ransomware into a business, attracting more players, and allowing investments into resources, thereby increasing the threat.

Quality and reliability

The data also shows that only 4% of respondents recover all their data, while the value of the data recovered is a complete lottery. Likewise, it is a logistical nightmare, because the distribution of decryption keys by the ransomware gangs is a rushed, haphazard process that is never engineered for quality and reliability.

Organisations often take months to recover and may not have patched the vulnerabilities that were exploited, leaving a backdoor open for further ransomware attacks. Not only this, but making payments may be illegal in some cases, often voids insurance policies, and is unethical.

Cyber resilience

Cyber resilience, defined as a company’s ability to recover its data and restore business processes after a cyberattack, remains a clear challenge: less than 2% of respondents could recover data and restore business processes within 24 hours; 1 in 4 (23%) could recover within 1-3 days; while 19% need anything from 3 weeks to 2 months.

This highlights another failure to test security and recovery sufficiently: just 70% of UK organisations surveyed had stress-tested their data security, management, and recovery processes in the previous 12 months, compared to a global average of 87%.

Data security or recovery capabilities

“Cyber resilience is critical because the incentive and motivation of attackers are so high, with attack surfaces incredibly vast, so a reliance on protective controls is unrealistic,” said James Blake. “Destructive cyberattacks severely disrupt an organisation’s ability to deliver its products and services, impacting revenue, reputation, their downstream supply-chain and customer trust.”

“This risk must be at the forefront of business leaders’ priorities, not just IT and Security leaders. Similarly, regulation and legislation should not be seen by companies as the ‘ceiling,’ but instead the ‘floor,’ in both developing cyber resilience and adopting data security or recovery capabilities.”

About the survey

The findings are based on a survey of 3139 IT & Security decision-makers (split as close to 50:50 as possible) commissioned by Cohesity and conducted by Censuswide between 27.06.2024 and 18.07.2024.

The top five industries that respondents selected as best representing their company's operations were IT & Telecommunications, Manufacturing, Financial Services (incl. Insurance), Banking & Wealth Management, and Hospitals & Healthcare. Censuswide abides by and employs members of the Market Research Society, follows the MRS code of conduct and ESOMAR principles, and is a member of the British Polling Council.
