Ransomware attacks down more than 60%, report reveals
Things may be looking up in the fight against ransomware, according to the 2022 State of Ransomware Report recently released by Delinea.
The ransomware report found that cyber attacks using the popular compromising tactic have declined significantly over the past 12 months compared to the previous year, and fewer companies are paying ransoms. However, there are red flags in the annual report related to spending, planning and using cybersecurity tools available to combat ransomware.
The survey of 300 U.S.-based IT decision makers, conducted on Delinea's behalf by Censuswide, found that only 25% of organisations were victims of ransomware attacks over the past 12 months, a stunning 61% decline from the previous 12-month period when 64% of organisations reported being victims.
Furthermore, the number of victimised companies who paid the ransom declined from 82% to 68%, which could be a sign that warnings and recommendations to not pay ransoms are being heeded. Larger companies are much more likely to be victims of ransomware, as 56% of companies with 100 or more employees said they were victims of ransomware attacks.
Along with these positive results, the survey also raised concerns that a potentially reduced threat could lead to complacency. Budget allocations for ransomware are in decline, as only 68% of those surveyed said they are currently allocated budget to protect against ransomware versus 93% during the prior year.
The number of companies with Incident Response Plans also declined from 94% to 71%, and only half are taking proactive, proven steps to prevent ransomware attacks such as enforcing password best practices (51%) and using Multi-Factor Authentication (50%), the report says.
"The reduction of ransomware attacks is an encouraging sign, but organisations need to make sure they keep their guard up against this constant, evolving threat," says Art Gilliland, chif executive officer of Delinea.
"Staying vigilant by maintaining a strong least privilege approach backed by stronger password protection, authentication enforcement, and access controls can help continue this downward trend."
Wahab Yusoff, Vice President, Asia Pacific & Japan, Delinea, says that while the headline results of the 2022 State of Ransomware Report are positive, Asia Pacific organisations should heed its warning against complacency.
"The report not only provides insights into what lies behind the good and bad numbers but also offers foresights into possible pitfalls to avoid," he says.
"Local organisations should consider the findings of the ransomware report as they review their cybersecurity strategies for 2023."
The survey also revealed that the consequences of ransomware attacks are now more tangible, as more respondents specified that their companies lost revenue (56%) and customers (50%) compared to the previous year. Fewer organisations (43%) reported reputational damage as a result of being victims of a ransomware attack.