Ransomware attacks preparedness lagging, despite organizations being aware of the risks

Hornetsecurity released the results of a global study of IT professionals on their preparedness for ransomware attacks.

Survey data showed that although companies are increasingly aware of the risks ransomware poses, many organizations lack proper protection and prevention measures.

“The results of our recent survey made clear that both small and large companies remain vulnerable to malware attacks,” said Daniel Hofmann, CEO at Hornetsecurity.

“Regardless of size, companies should be proactively taking holistic measures to protect themselves, including regularly updating disaster recovery plans, training staff, implementing effective spam filters, and protecting backups to avoid costly and time consuming data recovery efforts.”

The state of preparedness for ransomware attacks

1 in every 5 companies falls victim to ransomware attacks – Twenty-one percent of respondents indicated that their organization has suffered a ransomware attack, confirming that it remains one of the most prolific forms of cybercrime. In addition to system downtime, ransomware attacks can be costly. Attacks often require ransom payments, lengthy data recovery efforts, and long-term damage to companies’ reputations.

Half of respondents indicated that their management team delegates cyber preparedness to its IT department – Although 86.9% of respondents indicated that their senior leadership team is aware of ransomware risks, nearly half reported that preparation and prevention measures are delegated to the company’s IT department.

Because of the significant risks ransomware attacks pose, cyber protection and prevention policies should be company-wide priorities and not relegated to the IT department.

Nearly 1 in 10 companies forced to pay ransom to recover data after ransomware attack – More than 9% of survey participants reported that their company had paid a ransom to recover its data. Conversely, over 90% of respondents indicated that although they were attacked, they were able to recover data from backups; however, many of those that were able to avoid ransom payment still reported losing files during the data recovery process.

15.2% of companies do not protect backups from ransomware – More than 15% of respondents indicated that their companies do not perform regular data backups. Regular backups are recommended to protect data from hardware failures and other operational risks, but they are also imperative to a comprehensive IT security strategy. Most ransomware attacks can be thwarted if the organization’s data has recently been backed up.

Nearly 30% of companies fail to provide end-user training on ransomware attacks prevention – End users are one of the biggest threats to any organization. The majority of security breaches result from employees falling victim to successful phishing attacks. As a result, companies should hold regular training on cyberattack trends and warning signs so they are aware of threats and able to avoid putting sensitive data at risk.