Delinea has recently released the 2022 State of Ransomware Report. Delinea is an innovative provider of privileged access management (PAM) solutions that help organizations secure critical data and infrastructure, comply with regulations, and reduce risk. It serves a vast global customer base ranging from small businesses to large organizations. The report’s results showed that strategies put in place to combat ransomware have achieved success: ransomware attacks declined significantly over the past year compared to earlier statistics. Additionally, fewer companies paid the demanded ransom. Despite the encouraging results, the report still noted some issues in how organizations spend on, plan for, and use cybersecurity resources to battle ransomware.
The survey of 300 IT decision makers in the United States revealed that in the last twelve months, only a quarter (25%) of businesses experienced ransomware, a dramatic drop from the 64% that encountered it the year prior. Likewise, the share of firms that paid the ransom dropped from 82% to 68%. It is believed that this decrease may have been spurred by the FBI’s advice not to pay ransoms. Interestingly, ransomware rates declined more steeply for smaller companies than for larger ones. Companies with 100 or more employees experienced ransomware attacks at a rate of 56% in 2022, compared to 70% in 2021, a decrease of 14 percentage points. In comparison, for companies with fewer than 100 employees, the ransomware attack rate decreased from 34% to 13%, a decrease of 21 percentage points. The survey suggests that smaller businesses are making more proactive efforts to combat cybercrime.
“The reduction of ransomware attacks is an encouraging sign, but organizations need to make sure they keep their guard up against this constant, evolving threat,” said Art Gilliland, CEO of Delinea. “Staying vigilant by maintaining a strong least privilege approach backed by stronger password protection, authentication enforcement, and access controls can help continue this downward trend.”
Although a large number of companies still choose to pay attackers after a ransomware attack, an increasing percentage are refusing to pay. The survey revealed that 68% of companies have paid a ransom in the last 12 months, with IT/Technology leading all industries at 77%. Although this rate is lower than last year’s 82%, the business impact of these attacks remains wide-ranging. In addition, the survey found that only half of the respondents were taking proactive steps to reduce the threat of ransomware. These findings suggest that many companies may be developing a false sense of security, leading to fewer budget allocations and fewer incident response plans. Therefore, there is a pressing need for increased knowledge and stronger security measures to protect against ransomware. Finally, the survey uncovered that the impacts of ransomware attacks are now more tangible, as more participants than in the prior year said their businesses lost income (56%) and customers (50%). Fewer organizations (43%) reported harm to their reputation stemming from a ransomware attack.
“Though ransomware has become the norm, businesses can’t afford to become complacent. Government action and cyber insurance offer no guarantees for recovery. Cyber resilience is essential for customer trust and business growth,” the researchers concluded. “The ransomware landscape is evolving rapidly as criminals, enterprises, and governments test new strategies to reach their goals. Attack motivations and techniques are changing, which means your preparedness and response must change as well.”