90 percent of companies pay ransoms

90 percent of companies pay ransoms

Share post

90 percent of companies have paid ransoms in the last two years in order to quickly get their data back after cyber attacks, close leaks and maintain operations.

This is shown by a study by Censuswide on behalf of Cohesity, a global provider of AI-powered data management and security. According to the survey, 93 percent of the international companies surveyed want to continue to pay ransoms in the event of a security attack and violate their “do-not-pay” guidelines in an emergency. Only 1 percent of companies categorically rule out paying ransoms. 35 percent of companies are willing to pay more than $5 million to restore data and business processes. Two out of three respondents want to transfer more than 3 million in ransom money in an emergency.

Data recovery issues

Companies are affected by the impact of cyber attacks for two reasons. On the one hand, the attack methods are becoming increasingly perfidious and, in addition, most companies' data is inadequately managed and secured. 78 percent say that the threat to their sensitive company data is growing even faster than the data stock as a whole - despite a rapid increase in the amount of data information that can be collected, stored and analyzed in the business sector. On the other hand, the number of cyber attacks is constantly increasing. Almost all those responsible (96 percent) expect the threat of cyber attacks to increase significantly in 2024 compared to 2023.

Almost 4 out of 5 companies were victims of ransomware attacks between June and December 2023. Just as many (79 percent) doubt the effectiveness of internal cyber defense concepts. They say their company's cyber resilience and data security strategies are not keeping pace with the current threat landscape. Far too slow data recovery: Lack of cyber resilience causes ransom payments The challenges to cyber resilience and business continuity are widespread and diverse, as the Cohesity study shows:

All companies surveyed need more than 24 hours to restore data and thus business processes
Only 7 percent of respondents can restore data and business processes within 1 to 3 days
35 percent need 4 to 6 days; for almost as many companies and departments, data recovery takes 1 to 2 weeks. Almost every fourth company needs over 3 weeks to restore data and business processes

Too few test runs

Further evidence of the lack of cyber resilience is that only 12 percent of companies have conducted a stress test of their data security, data management and data recovery processes or solutions in the last six months. 46 percent have not tested their processes or solutions for more than 12 months.

“Data security should be a top organizational priority across all functions and departments. The serious impact of a successful cyberattack or data breach on business continuity, revenue, brand reputation and customer trust is extreme,” emphasizes Sanjay Poonen, CEO and President of Cohesity. “AI-powered solutions enable companies to respond very quickly to cyberattacks. These defense systems for better data security and more effective data management protect sensitive company information. They detect attacks on IT security and ensure that accessed files are quickly restored so that all business processes continue to run.”

The consequences

The most serious impacts of security attacks are:

  • Brands- and damage to reputation (34 percent)
  • decline the share price / investments / profitability (31 percent)
  • more direct Decline in sales (30 percent)
  • loss of trust the business partner (39 percent)

There is a lot of catching up to do when it comes to threat awareness and accountability. Only 35 percent of respondents say senior management fully understands the “serious risks and daily challenges of protecting, securing, managing and recovering data.” 67 percent say that the CIO and CISO of their company in particular should coordinate better.

“The survey reveals that many companies are taking far too long to restore data and systems to avoid significant disruption,” said James Blake, Global Head of Cyber ​​Resiliency GTM Strategy at Cohesity. “Many organizations also admitted they would pay a ransom to shorten outages. However, paying ransoms will almost certainly result in the loss of some data. Not to mention that the ransomware operators were sanctioned. The last thing management needs after a ransomware attack is the prospect of hefty fines or imprisonment for violating sanctions.”

More at Cohesity.com


About Cohesity

Cohesity greatly simplifies data management. The solution makes it easier to secure, manage and create value from data - across the data center, edge and cloud. We offer a full suite of services consolidated on a multi-cloud data platform: data backup and recovery, disaster recovery, file and object services, development / testing, and data compliance, security and analytics. This reduces the complexity and avoids the fragmentation of the mass data. Cohesity can be provided as a service, as a self-managed solution, and through Cohesity partners.


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more