ExtraHop report shows rising ransomware costs for organisations
ExtraHop has released a detailed report titled "Global Ransomware Trends: Predicting Attackers Next Victims," derived from the 2024 Cyber Confidence Index survey. This report provides a comprehensive analysis of ransomware trends affecting various geographies, industries, and organisations of differing sizes. The aim is to equip cybersecurity leaders with insights to better understand their associated risks.
The research reveals that security leaders are increasingly targeted by ransomware, facing an average of nearly eight incidents annually and paying an average of close to USD $2.5 million in ransom. The frequency and financial impact of these attacks, however, vary significantly depending on factors such as geography and organisational size.
According to the findings, organisations based in the United States are the most affected, experiencing the highest number of ransomware incidents on average and paying nearly USD $2 million more than the global average ransom. In contrast, respondents from Germany reported the fewest ransomware incidents.
The government sector, despite not listing ransomware as its highest risk, reported an average of more than eight attacks in the past year. This sector had one of the largest average ransom payments, recorded at USD $3.8 million. Additionally, the government sector has the highest percentage of organisations that paid over USD $25 million in ransom payments.
Mark Bowling, Chief Information Security and Risk Officer at ExtraHop, underscores the indiscriminate threat posed by ransomware. "Ransomware is targeting some organisations more than others, but despite this notion, everyone needs to be prepared to curtail exposure to the risks and damage posed by an incident," said Bowling. He added, "As ransomware continues to find ways to bypass and evade existing security controls, we can anticipate that these statistics will only grow more dire. Amid high-profile political elections and a growing call for regulatory action across the globe, it is time that the cybersecurity industry comes together to develop and adopt a more resilient security framework that can identify a ransomware attack before it devastates entire organisations, industries, and even economies."
The report also highlights that larger organisations face a heightened risk. Companies with more than 5,000 employees are more likely to experience a ransomware incident and are more willing to pay the ransom. On average, these larger organisations paid more than USD $4 million in ransom payments.
The newly released report serves as a crucial resource for cybersecurity leaders aiming to understand and mitigate ransomware risks. The growing prevalence and sophistication of ransomware attacks necessitate the development of a comprehensive and proactive security framework to protect against potential threats that could impact not just companies, but also entire industries and economies.