With Retail seeing and feeling the impact of more ransomware attacks than nearly every other industry, a new report focuses on what the repercussions look like for this sector… and it’s not good.
Last year, I wrote about how the retail sector was unprepared for social engineering attacks – a key component in phishing attacks used as the initial attack vector for ransomware. It appears that the predictions found in the data presented back then have come to fruition, as The State of Ransomware in Retail 2022 report from Sophos highlights exactly what organizations in the Retail sector have been experiencing related to ransomware attacks.
According to the report, the percentage of Retail organizations hit by ransomware (77%) is nearly 17% higher than the average across all industries, demonstrating that cybercriminals are placing a particular focus on the sector. It appears that those organizations have also taken notice:
- 55% state they have experienced an increase in volume of cyber attacks
- 55% state they have experienced an increase in complexity of cyber attacks
- 51% state they have experienced an increase in the impact of cyber attacks
This is definitely not good news. And, from the looks of the data focused on the impacts these ransomware attacks had on Retail, they also felt the repercussions:
- 92% of retail organizations said the ransomware attack impacted their ability to operate
- 89% said it had an impact on their revenue
- The average cost to remediate an attack in retail was $1.27 million
- The percent of organizations that got all their data back after paying the ransom dropped to just 5%, down from 9% the previous year
All around, Retail has not had a good year. More attacks, increased costs, impacted operations, and reduced revenues. Perhaps there is some truth still in my article from last year – maybe Retail needs to put its focus on Security Awareness Training to stop social engineering and phishing scams from gaining hold and acting as the launch point for ransomware attacks.