2021 Survey Finds That 83% of Ransomware Victims Paid the Ransom

ThycoticCentrify, a Cybersecurity company, just released its “2021 State of Ransomware Survey & Report”, which delivers insights from IT leaders that have experienced ransomware attacks firsthand in the last 12 months. The survey collected responses from 300 US-based IT decision-makers. Of those 300, 192 of the respondents had been targeted by a ransomware attack in the last year, with 83% stating they felt they had no other choice than to pay the demanded ransom.

This survey divulges a prominent yet scary truth: most individuals and organizations targeted by ransomware feel they have few, if any, choices when it comes to solutions. However, with such a high percentage of victims paying the ransom, one outcome is inevitable: it incentivizes cyber actors to act again and again. After all, their success rate is 83%, which is pretty good odds if you ask us. 

Let’s take a look at the effects of ransomware attacks, as reported by survey participants: 

• 64% of the respondents (192) were victims of a ransomware attack in the last year.
• 93% of the respondents have begun allocating dedicated budgets to fight ransomware threats.
• 72% of the respondents have experienced cybersecurity budget increases as a result of ransomware threats.
• 30% of the respondents said they were forced to lay off employees following a ransomware attack.
• 50% of the respondents reported a loss of revenue and reputation due to a ransomware attack.
• 42% of respondents reported lost customers due to a ransomware attack. 

According to respondents, here’s where attacks were originating from:

• Email – 53%
• Applications- 41%
• The Cloud- 38%
• Privileged access- 26%
• Vulnerable endpoints- 25%

The majority of respondents are dedicating increased preventative spending in two main areas, followed by three lesser priority areas: 

• Network security (49%)
• Cloud security solutions (41%)
• Identity access management (24%)
• Endpoint security (23%)
• Privileged access management (19%)

Moving forward, organizations are focusing on four key areas to prevent future attacks, according to survey respondents:

• Critical data (57%)
• Regularly updating systems and software (56%)
• Enforcing password best practices (50%)
• Adopting a least privilege posture (34%)

While this is just one survey–the sample pool is a significant size, and the respondent feedback helps paint a picture of what a “majority” is doing to prevent future ransomware attacks. While no one answer is the solution for every organization, it is helpful to look at what is working for other organizations, gather new ideas, and apply beneficial changes within your organization. Half the fight in preventing ransomware attacks is remaining vigilant and evaluating and improving your IT security infrastructure to stay one step ahead of cyber actors. 

If you are wondering if your business is prepared for a ransomware event, PK Tech can help. Contact us here.