An independent survey from Sophos published on April 27 found that 66% of organizations globally were hit by a ransomware attack last year, a 78% increase from the year before.
Enterprise technical decision-makers are operating in an increasingly hostile environment, where security threats are proliferating in number and complexity. Information technology leaders on the frontlines may find the stakes higher than ever: The report found that 86% of private-sector organizations hit by ransomware in 2021 said the attacks had caused their organization to lose business or revenue.
Ransom payments have also increased, the report found. The average payment over the past year was $812,360, almost five times more than the 2020 average of $170,000.
“Alongside the escalating payments, the survey shows that the proportion of victims paying up also continues to increase, even when they may have other options available,” said Chester Wisniewski, a principal research scientist at Sophos, in a statement sent to VentureBeat. “There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site.”
After a ransomware attack occurs, there can be intense pressure to get back up and running as soon as possible, Wisniewski said. “Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option.”
The survey behind Sophos’s report was conducted in January and February 2022 by Vanson Bourne, a research agency, and covered 5,600 IT professionals at mid-size organizations (100-5,000 employees) in 31 countries. Respondents were asked about their experiences with ransomware over the previous year.