56% of organizations faced a ransomware attack, many paid the ransom
There’s a continued proliferation of ransomware, heightened concerns around nation-state actors, and the need for acceleration of both digital and security transformation, a CrowdStrike survey reveals.
Proliferation of ransomware leads to more frequent payouts, costing millions
Survey data indicates ransomware attacks have proven to be especially effective, as 56% of organizations surveyed have suffered a ransomware attack in the last year. The COVID-19 pandemic catalyzed increasing concerns around ransomware attacks, with many organizations resorting to paying the ransom.
The global attitude shifts from a question of if an organization will experience a ransomware attack to a matter of when an organization will inevitably pay a ransom. Notable findings include:
- Concern around ransomware attacks continues to increase, with the stark increase in this year’s findings (54%) compared to 2019 (42%) and 2018 (46%).
- 71% of cybersecurity experts globally are more worried about ransomware attacks due to COVID-19.
- Among those hit by ransomware, 27% chose to pay the ransom, costing organizations on average $1.1 million USD owed to hackers.
- The APAC region is suffering the most when paying the ransom with the highest average payout at $1.18 million USD, followed by EMEA at $1.06 million and the U.S. at $0.99 million.
Fear of nation-state cyberattacks can stifle business growth in post COVID-19 world
Nation-state activity continues to weigh heavily on IT decision makers, as 87% of respondents agree that nation-state sponsored cyberattacks are far more common than people think.
As growing international tensions and the global election year have created a nesting ground for increased nation-state activity, organizations are under increased pressure to resume operations despite the increased value of intellectual property and vulnerabilities caused by COVID-19. Key highlights include:
- Even with the massive rise in eCrime over the course of 2020, 73% believe nation-state sponsored cyberattacks will pose the single biggest threat to organizations like theirs in 2021. In fact, concerns around nation-states have steadily increased, as 63% of cybersecurity experts view nation-states as one of the cyber criminals most likely to cause concern, consistently rising from 2018 (54%) and 2019 (59%).
- 89% are fearful that growing international tensions (e.g. U.S.-China trade war) are likely to result in a considerable increase in cyber threats for organizations.
- Approximately two in five IT security professionals believe a nation-state cyberattack on their organization would be motivated by intelligence (44%) or to take advantage of vulnerabilities caused by COVID-19 (47%).
Digital and security transformation accelerated as business priority
In the wake of these threats, cybersecurity experts have accelerated their digital and security transformation efforts to address the growing activity from eCrime and nation-state actors.
While spend on digital transformation continues to trend upward, the COVID-19 pandemic accelerated the timeline for many organizations, costing additional investment to rapidly modernize security tools for the remote workforce. Security transformation rollout findings include:
- 61% of respondents’ organizations have spent more than $1 million on digital transformation over the past three years.
- 90% of respondents’ organizations have spent a minimum of $100,000 to adapt to the COVID-19 pandemic.
- 66% of respondents have modernized their security tools and/or increased the rollout of cloud technologies as employees have moved to work remotely.
- 78% of respondents have a more positive outlook on their organization’s overarching security strategy and architecture over the next 12 months.
“This year has been especially challenging for organizations of all sizes around the world, with both the proliferation of ransomware and growing tensions from nation-state actors posing a massive threat to regions worldwide,” said Michael Sentonas, CTO, CrowdStrike.
“Now more than ever, organizations are finding ways to rapidly undergo digital transformation to bring their security to the cloud in order to keep pace with modern-day threats and secure their ‘work from anywhere’ operations.
“Cybersecurity teams around the globe are making strides in improving their security posture by moving their security infrastructure to the cloud and remaining diligent in their incident detection, response and remediation practices.”