Study: Ransomware causes significant damage to companies

March 14, 2025
| No comments
Study: Ransomware causes significant damage to companies - Image by Gerd Altmann on Pixabay
Advertising

Share post

A ransomware attack causes maximum damage to companies: It takes a long time to resume normal operations afterward. This leads to significant revenue losses. According to a recent study, fewer than half of affected companies report the attack to law enforcement authorities.

A Zero Trust Segmentation (ZTS) provider announces the results of a study commissioned by the Ponemon Institute, "The Global Cost of Ransomware." The study shows that ransomware attacks significantly disrupt companies' business operations and lead to financial losses.

Advertising
Image: Illumio

🔎Image: Illumio

According to the study's findings, 55 percent of German companies hit by a ransomware attack had to shut down operations. 45 percent reported significant revenue losses. 36 percent were forced to cut jobs, and 34 percent lost customers.

The Global Cost of Ransomware study analyzes the scale of the ransomware threat and the measures companies are taking to reduce risks and mitigate impacts.

Advertising

Subscribe to our newsletter now

Read the best news from B2B CYBER SECURITY once a month



By clicking on "Register" I agree to the processing and use of my data in accordance with the declaration of consent (please open for details). I can find more information in our Privacy Policy. After registering, you will first receive a confirmation email so that no other person can order something you don't want.
Expand for details on your consent
It goes without saying that we handle your personal data responsibly. If we collect personal data from you, we process it in compliance with the applicable data protection regulations. Detailed information can be found in our Privacy Policy. You can unsubscribe from the newsletter at any time. You will find a corresponding link in the newsletter. After you have unsubscribed, your data will be deleted as soon as possible. Recovery is not possible. If you would like to receive the newsletter again, simply order it again. Do the same if you want to use a different email address for your newsletter. If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use newsletter service providers, which are described below, to process the newsletter.

CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter (e.g. email address) will be stored on the CleverReach servers in Germany or Ireland. Our newsletters sent with CleverReach enable us to analyze the behavior of the newsletter recipients. This can include It is analyzed how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking, it can also be analyzed whether a previously defined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. Further information on data analysis by CleverReach newsletter is available at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/. The data processing takes place on the basis of your consent (Art. 6 Para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want an analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have canceled the newsletter. Data stored by us for other purposes remain unaffected. After you have been removed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You may object to the storage if your interests outweigh our legitimate interest. For more information, see the privacy policy of CleverReach at: https://www.cleverreach.com/de/datenschutz/.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

Ransomware attacks cause maximum damage

Key findings of the study are:

  • Attackers focus on critical systems to cause maximum damage: Ransomware attacks affected 24 percent of critical systems, which were down for an average of 12 hours.
  • German companies invest more time and manpower in containing ransomware than any other country: German companies needed an average of 18,3 employees, each working 149 hours, to contain and resolve the largest ransomware attack – longer than any other country.
  • Costs of reputational damage now exceed legal and regulatory costs: The brand suffered significant damage in 34 percent of the affected companies.
  • Failure to prioritize investments in improving resilience is costing companies dearly: 47 percent of German companies take too long to detect and contain security breaches. Only 28 percent implement microsegmentation, an important measure to stop an attack from spreading.

"Ransomware is more ubiquitous and damaging than ever, but not every attack necessarily results in business disruption or serious business failure," said Trevor Dearing, Director of Critical Infrastructure at Illumio. "Organizations must focus on operational resilience by implementing measures like microsegmentation that prevent attackers from reaching critical systems. By containing attacks early, companies can protect their most critical systems and data, saving millions in downtime, lost revenue, and reputational damage."

Cloud and hybrid environments remain vulnerabilities as attackers exploit unpatched systems

The increasing interconnectedness of business systems and devices is making it more difficult for companies to defend themselves against ransomware attacks. Companies view the cloud as the most vulnerable. 40 percent of German companies surveyed say that a lack of visibility in hybrid environments hinders their response to ransomware attacks.

Image: Illumio

🔎Image: Illumio

In Germany, desktops and laptops are the most commonly compromised devices, accounting for 52 percent of attacks. Phishing (45 percent) and Remote Desktop Protocol (RDP, 31 percent) are cited as the most common entry points for ransomware. 62 percent of attacks spread across the network and infected additional devices. In more than half of these cases (56 percent), attackers exploited unpatched systems to move laterally and gain more extensive privileges.

German companies invest heavily in defense against ransomware, but efforts fall short

According to the study, almost a third (30 percent) of German companies' IT budgets are spent on employees and technologies designed to prevent, detect, contain, and resolve ransomware attacks. Nevertheless, attacks remain successful: According to the study, 89 percent of companies have already fallen victim to a ransomware attack, even though 59 percent were confident in their security posture.

Image: Illumio

🔎Image: Illumio

Many companies also rely on recovery after a ransomware attack and fail. Fifty-two percent of respondents believe that a complete and accurate backup is a sufficient defense against ransomware. However, only 52 percent were able to recover all affected data after an attack.

Companies are afraid to report ransomware attacks

The study also identifies other key challenges in defending against ransomware, including:

  • Ransomware incidents continue to go unreported: Sixty-five percent of those affected did not report ransomware attacks to law enforcement. The main reasons for this were time pressure due to payment deadlines (65 percent), fear of retaliation (38 percent), and fear that the public might learn about the ransomware attack (38 percent).
  • Employees remain a weak point in IT security: Only 39 percent of respondents expressed confidence in their employees' ability to recognize social engineering attacks. Negligence among employees was cited as the biggest challenge in responding to ransomware attacks.
  • Slow adoption of AI to combat ransomware: Only 41 percent of German companies are using AI specifically to combat ransomware. At the same time, 56 percent fear that AI could also be used to generate new types of ransomware attacks against their company.

Research methodology

The study, conducted by the Ponemon Institute on behalf of Illumio, surveyed 2.547 IT and cybersecurity professionals in the US, UK, Germany, France, Australia, and Japan. All participants are responsible for defending against ransomware attacks in their organizations.

More at Illumio.com

 

About Illumio

Illumio, the leader in zero-trust segmentation, stops attacks and ransomware from propagating through the hybrid attack surface. The Illumio ZTS platform visualizes all traffic between workloads, devices, and the web, automatically sets granular segmentation policies to control data flow, and isolates high-value assets and vulnerable systems proactively or in response to active attacks.

Matching articles on the topic

Criminals use RMM tools to inject malware

Cybercriminals are increasingly abusing remote monitoring and management (RMM) tools, which are actually used for remote maintenance. In this way, they penetrate ➡ Read more

Secure data source with Zero Trust for AI on Google Cloud

Rubrik Annapurna and Google Agentspace enable companies to securely access, mobilize, manage, and protect AI data on Google ➡ Read more

Man vs. Machine: Race for Cybersecurity Supremacy

The advantages of AI in cybersecurity are obvious: AI is available around the clock, processes itself ➡ Read more

Ransomware attacks hypervisors

A new ransomware attack by the well-known cybercriminal group RedCurl specifically targets hypervisors rather than endpoints. The attackers aim to ➡ Read more

Defending against DDoS attacks with AI/ML

To better defend against the ever-increasing DDoS attacks, a leading provider of cybersecurity solutions has expanded its adaptive DDoS protection solution with additional ➡ Read more

Securing the software supply chain for the Cyber ​​Resilience Act

In recent years, IT security managers and their teams have increasingly had to deal with cyber risks associated with their vendors’ software supply chains ➡ Read more

Ransomware attacks are increasing sharply

After a period of calm, security experts are now reporting a sharp increase in ransomware attacks. Compared to February ➡ Read more

140 percent plus: Remote ransomware is increasing rapidly 

Latest findings from the field of remote ransomware: The research of the security specialists has already shown the enormous increase in remote encryption attacks by the end of 2023. ➡ Read more

Stories
, , , , , ,