Survey reveals 83 per cent of organisations hit by Ransomware in the past year, many paying multiple ransoms
A concerning trend of multiple, sometimes simultaneous, cyber attacks is pushing business leaders to re-evaluate their cyber resilience strategies, particularly focusing on common vulnerabilities like inadequate identity system backup and recovery practices, according to a recent report by Semperis.
A survey of nearly 1,000 IT and security professionals reveals that 83 per cent of organisations were targeted by ransomware attacks over the past year, with many suffering repeated breaches within the same year. The impact of these attacks has been severe, resulting in business closures, layoffs, loss of revenue, diminished customer trust, and the cancellation of cyber insurance policies.
Semperis Strategic Advisor and former U.S. National Cyber Director Chris Inglis highlighted the relentless nature of these threats, stating, “Considering the 24/7 threat against today’s organisations, you can never say ‘I am safe’ or take a moment off. The best you can do is to make your environment defensible and then defend it.”
Despite widespread adoption of cybersecurity measures and disaster recovery planning, many companies find themselves paying ransoms multiple times annually. The survey showed that 74 per cent of those attacked in the past 12 months were targeted multiple times, with 78 per cent of these organisations ultimately paying the ransom—72 per cent of them more than once. Moreover, 87 per cent of these attacks caused significant business disruption, including data loss and system outages.
The survey also revealed that 35 per cent of victims who paid ransom either did not receive decryption keys or received corrupted ones, prolonging recovery efforts. Although 70 per cent of respondents claimed to have an identity recovery plan, only 27 per cent had dedicated, malware-free backup systems for Active Directory (AD), underscoring the need for more robust and tested cyber-specific recovery plans.
