Ransomware Protection is Better than Payment

May 22, 2020

As reported on the Cyber Security Intelligence website, threat protection firm Sophos commissioned a survey of IT managers early this year. Based on responses by 5,000 managers in 26 countries, this "State of Ransomware" report provides new insights.

  • Paying ransom doubles the cost of dealing with an attack. The average cost is $732,520 for organizations that don't pay but $1,448,450 for those that do.
  • Over 50% of organizations experience an attack each year. When attacks succeed, data is encrypted in over 70% of them.
  • Over 90% of organizations get their data back, twice as many through backups as by paying ransom.
  • There are more attacks in the private than the public sector, with 60% of media, leisure and entertainment companies attacked.
  • 59% of successful attacks included data in the public cloud.
  • 94% of ransom payments were made by insurers. 84% of respondents have cyber insurance, but only 64% of policies cover ransomware.
  • Average remediation costs are $761,106.

Most law enforcement authorities recommend that ransom should not be paid. These statistics show that defense is a better, and less costly, strategy than payment.

The survey included these recommendations:

  • Assume you will be attacked - odds are better than 50%.
  • Invest in anti-ransomware technology. 24% of respondents stopped attacks before data could be encrypted.
  • Protect data wherever it's held, including the cloud.
  • Make regular backups, stored offsite and offline.
  • Deploy a layered defense.
  • Include ransomware coverage in cyber insurance.