90 percent of companies have paid ransoms in the last two years in order to quickly get their data back after cyber attacks, close leaks and maintain operations.
This is shown by a study by Censuswide on behalf of Cohesity, a global provider of AI-powered data management and security. According to the survey, 93 percent of the international companies surveyed want to continue to pay ransoms in the event of a security attack and violate their “do-not-pay” guidelines in an emergency. Only 1 percent of companies categorically rule out paying ransoms. 35 percent of companies are willing to pay more than $5 million to restore data and business processes. Two out of three respondents want to transfer more than 3 million in ransom money in an emergency.
Data recovery issues
Companies are affected by the impact of cyber attacks for two reasons. On the one hand, the attack methods are becoming increasingly perfidious and, in addition, most companies' data is inadequately managed and secured. 78 percent say that the threat to their sensitive company data is growing even faster than the data stock as a whole - despite a rapid increase in the amount of data information that can be collected, stored and analyzed in the business sector. On the other hand, the number of cyber attacks is constantly increasing. Almost all those responsible (96 percent) expect the threat of cyber attacks to increase significantly in 2024 compared to 2023.
Almost 4 out of 5 companies were victims of ransomware attacks between June and December 2023. Just as many (79 percent) doubt the effectiveness of internal cyber defense concepts. They say their company's cyber resilience and data security strategies are not keeping pace with the current threat landscape. Far too slow data recovery: Lack of cyber resilience causes ransom payments The challenges to cyber resilience and business continuity are widespread and diverse, as the Cohesity study shows:
All companies surveyed need more than 24 hours to restore data and thus business processes
Only 7 percent of respondents can restore data and business processes within 1 to 3 days
35 percent need 4 to 6 days; for almost as many companies and departments, data recovery takes 1 to 2 weeks. Almost every fourth company needs over 3 weeks to restore data and business processes
Too few test runs
Further evidence of the lack of cyber resilience is that only 12 percent of companies have conducted a stress test of their data security, data management and data recovery processes or solutions in the last six months. 46 percent have not tested their processes or solutions for more than 12 months.
“Data security should be a top organizational priority across all functions and departments. The serious impact of a successful cyberattack or data breach on business continuity, revenue, brand reputation and customer trust is extreme,” emphasizes Sanjay Poonen, CEO and President of Cohesity. “AI-powered solutions enable companies to respond very quickly to cyberattacks. These defense systems for better data security and more effective data management protect sensitive company information. They detect attacks on IT security and ensure that accessed files are quickly restored so that all business processes continue to run.”
The consequences
The most serious impacts of security attacks are:
- Brands- and damage to reputation (34 percent)
- decline the share price / investments / profitability (31 percent)
- more direct Decline in sales (30 percent)
- Loss of confidence the business partner (39 percent)
There is a lot of catching up to do when it comes to threat awareness and accountability. Only 35 percent of respondents say that senior management fully understands the "serious risks and daily challenges of protecting, securing, managing and recovering data." 67 percent say that their company's CIO and CISO in particular need to be better coordinated.
“The survey reveals that many companies are taking far too long to restore data and systems to avoid significant disruption,” said James Blake, Global Head of Cyber Resiliency GTM Strategy at Cohesity. “Many organizations also admitted they would pay a ransom to shorten outages. However, paying ransoms will almost certainly result in the loss of some data. Not to mention that the ransomware operators were sanctioned. The last thing management needs after a ransomware attack is the prospect of hefty fines or imprisonment for violating sanctions.”
More at Cohesity.com
About Cohesity Cohesity greatly simplifies data management. The solution makes it easier to secure, manage and create value from data - across the data center, edge and cloud. We offer a full suite of services consolidated on a multi-cloud data platform: data backup and recovery, disaster recovery, file and object services, development / testing, and data compliance, security and analytics. This reduces the complexity and avoids the fragmentation of the mass data. Cohesity can be provided as a service, as a self-managed solution, and through Cohesity partners.
Matching articles on the topic