The ransomware threat landscape is beginning to ease, according to Delinea's 2022 State of Ransomware Report. The number of ransomware attacks has dropped significantly in the last twelve months, and many affected companies no longer pay ransoms.
However, this is no reason for IT and security teams to lay back now: If the downward trend is to continue, appropriate budgets must be maintained and cybersecurity measures must continue to be implemented consistently.
Sharp decrease in attacks compared to the previous year
As the survey of 300 IT decision-makers reveals, only 25 percent of companies have been victims of ransomware attacks in the last twelve months. This is a staggering 61 percent decrease from the previous 12-month period, when 64 percent of organizations were affected by cyber extortion. In addition, the number of companies that paid ransoms after encrypting their data fell from 82 percent to 68 percent. This suggests that law enforcement agencies' strong warnings and recommendations not to deliver ransom to the extortionists are beginning to be implemented. At the same time, the report shows that larger companies fall victim to ransomware attacks much more frequently: 56 percent of those affected were companies with 100 or more employees.
Less threat - more negligence?
Alongside these positive developments, however, respondents also voiced concerns that a potentially reduced threat could mean comfort and complacency going forward. The fact that these concerns are not unfounded is also shown by the declining budget allocations for ransomware: While 93 percent of the IT professionals surveyed said in the previous year that they currently had a budget available for protection against ransomware, this number has already fallen to 68 percent. Likewise, the number of companies that have an incident response plan in place fell from 94 percent to 71 percent. In addition, only half take proactive measures to prevent ransomware attacks, such as For example, enforcing password best practices (51%) or implementing multi-factor authentication (50%).
Guide for 2023 strategy
"Although the focus is on the USA, the results of the current State of Ransomware Report are also relevant for German companies," says Andreas Müller, VP DACH at Delinea. “Thus, analyzing the results not only provides an understanding of what lies behind the good and bad numbers, but also highlights potential pitfalls that need to be avoided. Now is the time to use these ransomware insights as organizations revise their security strategies for 2023.”
The survey also revealed that the concrete consequences of ransomware attacks for the companies affected are now more tangible: significantly more respondents than in the previous year stated that their companies lost sales (56%) and customers (50%) after an incident to have. However, fewer of those surveyed (43%) reported damage to their reputation as a result of a ransomware attack.
More at Delinea.com
About Delinea Delinea is a leading provider of Privileged Access Management (PAM) solutions that enable seamless security for modern, hybrid businesses. Our solutions enable organizations to secure critical data, devices, code and cloud infrastructure to reduce risk, ensure compliance and simplify security. Delinea removes complexity and redefines access for thousands of customers worldwide, including more than half of the Fortune 100 companies. Our customers range from small businesses to the world's largest financial institutions, organizations and critical infrastructure companies.