Over 80% of global organizations have been hit by ransomware in the past two years, but executives still have a false sense of security about being able to prevent future attacks, according to Mimecast.
The email security firm polled 742 cybersecurity professionals worldwide to compile its latest report, State of Ransomware Readiness: Facing the Reality Gap.
It revealed that victim organizations in the US are paying a much higher price for security breaches. The average ransom here was $6.3m, versus just $848,000 in the UK and $59,000 in Australia. On average, 39% of victims said they paid.
However, the ransom itself comprises only one element of the financial and reputational risk stemming from a successful attack. Others cited by respondents were operational disruption (42%), significant downtime (36%), lost revenue (28%) and lost current customers (21%).
Two-fifths (39%) of executives also claimed they could lose their jobs over an attack, while a quarter (24%) saw changes to the C-suite following a breach.
Yet despite this recognition, executives appear over-confident in their organization’s ability to repel attacks. Some 83% believe they can get all their data back without paying a ransom, while over three-quarters (77%) think they can get operations back to normal within just five days.
“Ransomware attacks have never been more common, and threat actors are improving each day in terms of their sophistication and ease of deployment,” said Jonathan Miles, Mimecast head of strategic intelligence & security research.
“Preparation is key in combating these attacks. It’s great to see cybersecurity leaders feel prepared, but they must continue to be proactive and work to improve processes. This report clearly shows ransomware attacks pay, which gives cyber-criminals no incentive to slow down.”
The most common threat vector was listed as malicious attachments in phishing emails (54%).
Many respondents argued that their organization needs more advanced security (45%) and more frequent end-user training (46%) to tackle the threat.