I recently wrote about how 1 in 34 organizations globally has experienced an attempted ransomware attack. But that statistic doesn’t provide enough context around the impact felt by the organizations that do business in one form or another with those that are attacked.
According to statistics company Statista, the annual share of organizations affected by ransomware attacks is nearly three-quarters (72.7%). That’s up only slightly from last year’s 71%, but is a significant 31% increase when compared to just five years earlier:
What’s also interesting is comparing the percentage of orgs impacted against the number of annual ransomware attempts globally. In 2022, there was a material drop in the overall number of attacks, and yet, referring back to the graph above, the percentage of organizations affected actually rose. It feels like it may be due to the attacks that were successful being far more widespread within the organization, having a greater impact on an organization’s ability to be resilient, causing the aforementioned ripple effect that causes the “affected” chart above to keep increasing.
Playing this forward, it says to me that ransomware attacks are only going to become more pervasive within an organization, possibly including specific tactics to find ways to cause those with whom your organization does business to also be impacted. I know it’s pure speculation, but when ransomware first started, who thought we’d have triple, quadruple, and quintuple extortion on top of basic ransomware encryption?
The only way to ensure your organization and those orgs that could be impacted is to avoid being a victim altogether. And the latest initial access data in ransomware attacks still points to phishing playing a dominant role – something that can only effectively be mitigated with new-school security awareness training.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.