Ransomware fallout: 94% experience downtime, 40% face work stoppage

Within the last 12 months, 48% of organizations identified evidence of a successful breach within their environment, according to Arctic Wolf.

To fully understand the gravity of this statistic, it is important to understand that, although 48% of these environments found evidence of a data breach, that does not inversely mean that 52% of organizations did not suffer a breach. Instead, it should be more accurately stated that the remaining 52% did not identify indicators of a breach within their environment.

This could be the result of multiple factors beyond a breach simply not occurring, from lacking the needed technology to identify indicators of a breach, misconfiguration of their security tools, lacking the expertise to recognize evidence of a breach, or a combination of these factors.

66% of organizations that suffered a data breach in the last year chose to publicly disclose information regarding their incidents, while 30% only disclosed their breaches to impacted parties.

BEC now a top method of attack

70% of organizations were the targets of attempted BEC attacks in the last year, with 29% of these targets becoming victims of one or more successful BEC occurrences.

With many organizations moving to cloud-based email services like Office365, these types of attacks can be difficult to identify with traditional security tools and may go undetected until they have successfully executed their objectives. This is why it is important when adopting Office365 or alternatives to employ detection tools or services specifically designed to monitor for threats related to BEC.

45% of respondents claim their organization suffered a ransomware attack in the last 12 months, an increase from last year, with 86% of those attacks including successful data exfiltration.

The financial impact of a ransomware attack also goes beyond the cost of the ransom demand alone, as these events often result in prolonged network and business downtime. 94% of those who suffered a ransom event experienced a period of significant downtime and delays in productivity. This included 40% of victims who stated they experienced a period of total work stoppage and complete loss of productivity.

In some cases, the total cost of this downtime and lost productivity can be higher than the ransom demand, making it difficult for decision-makers to decide whether it may be more cost-effective to pay a ransom demand versus the time it may take to triage and recover without paying.

Cyber insurance adoption accelerates

Cyber insurance demand and adoption is widespread, with an exceedingly small fraction (5%) of organizations deciding not to acquire coverage. Of the remaining organizations surveyed, 66% have an active cyber insurance policy, while 29% are in the process of obtaining or planning to obtain a policy this year.

53% of survey respondents were most concerned with rising premiums and stricter requirements for maintaining coverage.

94% of organizations either currently have or plan to implement adoption and usage policies around generative AI and large language models (LLM) tools this year.

Of these, 49% currently have developed and implemented policies that outline the proper usage of LLMs and generative AI, while another 34% have implemented policies which strictly forbid the use of these technologies within their environments.

88% of organizations currently use some form of security awareness programs internally, with another 10% in the process of adopting such a program within the next 12 months. This leaves only 2% of organizations stating they do not have plans to implement a security awareness program for their employees.

“This year’s insights highlight the increasing sophistication of threat actors and the realities of cyber incidents for organizations all around the world. Attackers are focusing on the human element, as evident with the overwhelming targeting via business email compromise. No matter the method of intrusion, the stakes are even higher for business leaders as most successful ransomware attacks involve data exfiltration,” said Ian McShane, VP, Managed Detection and Response (MDR), Arctic Wolf.

“While we are encouraged by the increased adoption of cyber insurance and incident response readiness programs, it is clear that there is still work to be done to overcome perennial challenges for cybersecurity leaders, including the increased financial and productivity losses due to ransomware,” added McShane.

The survey was conducted among 1,000 IT and security decision makers at director level or above from organizations with 50+ employees during March 2024.