As ransomware becomes more pervasive, new data provides insight into how well organizations are responding and which attack vector is being used most.
We hear a lot about ransomware attacks, but I’m not seeing data about how well organizations fared, so I was glad to see GetApp’s 2024 Data Security report.
According to the report, nearly half of U.S. companies (44%) experienced a ransomware attack in the last 12 months – this is less than the global average of 52% of organizations, indicating that U.S. companies are doing a better job at stopping attacks at their initial attack vector.
But what interests me more is what happened. According to the report, of those attacked:
- 43% of organizations resorted to paying a ransom
- 36% were able to recover from the attack and decrypt the data without paying
- 36% of ransomware victims lost data in the attack that was never recovered
The report goes on to note that within the 36% who lost data, 2 of the 36% were organizations that had no backups. Because GetApp is aware of backups, I’m thinking the 36% that did “recover” from the attack did so via backups.
So only a third were able to recover their data without having to feel additional financial and operational impacts. That’s not entirely good, as we all would like to see that percentage be MUCH higher.
I do want to note that the report speaks about ransomware in the same breath as phishing attacks, mentioning that 87% of organizations have received a phishing email in the past 12 months.
What’s worrisome is that of those receiving a phishing email, 74% of that group reported that they or someone else in the business had subsequently clicked on malicious links within the email.
Based on the report data and how GetApp is tying these two issues together so closely, it makes me believe they’re seeing the connection we’ve long known here at KnowBe4 – that phishing remains one of the most prevalent initial attack vectors for ransomware attacks.
It’s the reason why organizations that employ continual new-school security awareness training see lower engagement with phishing and other social engineering attacks, which reduces the likelihood of organizations experiencing any degree of a ransomware attack.