Some 63% of organisations reported a significant loss of revenue following a ransomware attack.
Some 53% of companies indicated that their brand and reputation were damaged as a result of a successful attack, according to a report released recently.
This information is contained in a survey conducted by Censuswide on behalf of Cybereason, and it is titled Ransomware: The True Cost to Business.
Cybereason is a company that provides businesses with attack protection to cyber attacks.
The company unifies security from the endpoint, to the enterprise, to everywhere the battle moves.
The research was conducted in April of 2021 and 1 263 cybersecurity professionals took part in the survey, with participants from the United States, United Kingdom, Spain, Germany, France, United Arab Emirates, and Singapore.
Major industry verticals covered in the research include the Technology, Manufacturing, Financial Services, Retail, Healthcare, Automotive, Legal, and Government sectors.
The report aims to find the true cost to businesses when they have been hit by a cyber attack.
Cybereason chief executive officer and co-founder Lior Div said: “Ransomware attacks are a concern for organisations across the globe, often causing massive business disruptions including the loss of income and valuable human resources as a direct result.
“In the case of the recent Colonial Pipeline ransomware attack, disruptions were felt up and down the East Coast of the United States and negatively impacted other businesses who are dependent on Colonial’s operations,
“Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organization again, and in the end only exacerbates the problem by encouraging more attacks.
“Getting in front of the threat by adopting a prevention-first strategy for early detection will allow organisations to stop disruptive ransomware before they can hurt the business,” Div said.
The report revealed that nearly 1,300 security professionals said more than half of organisations were victims of a ransomware attack and that 80% of businesses that chose to pay a ransom demand suffered a second ransomware attack, often at the hands of the same threat actor group.
“Organisations who opted to pay a ransom demand to regain access to their encrypted systems, 46% reported that some or all of the data was corrupted during the recovery process.
“These findings underscore why it does not pay to pay ransomware attackers, and that organizations should focus on early detection and prevention strategies to end ransomware attacks at the earliest stages before critical systems and data were in jeopardy,” the report said.
The report highlighted some of the findings of the survey.
Key findings in the research include:
● Ransom Demands Increasing: 35 percent of businesses that paid a ransom demand shelled out between $350,000-$1.4 million, while 7% paid ransoms exceeding $1.4 million
● C-Level Talent Loss: 32% of organisations reported losing C-Level talent as a direct result of ransomware attacks
● Employee Layoffs: 29% reported being forced to layoff employees due to financial pressures following a ransomware attack
Business Closures: A startling 26% of organizations said a ransomware attack forced the business to close down operations entirely.
Other key findings of the report reveal the extent to which losses to the business may be covered by cyber insurance, how prepared organisations are to address ransomware threats to the business about adequate security policies and staffing, and more granular information on the impact of ransomware attacks by region, company size and industry vertical.
In addition, the report provides actionable data on the types of security solutions organizations had in place before an attack, as well as which solutions were most often implemented by organizations after they experienced a ransomware attack.
Meanwhile in South Africa, a cyber crime bill was signed recently by President Cyril Ramaphosa.
The new law criminalises various types of cyber crimes, including illegally accessing a computer system or intercepting data, cyber fraud, cyber forgery, unlawfully acquiring a password or access code, cyber extortion, and theft of incorporeal (intangible) property.
The wide ambit of jurisdiction created by the cyber crimes Act means that South African courts will have the power to try persons that are not South African citizens, as well as persons that commit crimes in other countries, where this affects a person or business in South Africa.
BUSINESS REPORT ONLINE