Ransomware attacks dropped 61% last year, but orgs can’t be complacent

Ever since WannaCry infected PCs around the world in 2017, ransomware has remained a constant threat to enterprises. Yet new research suggests that this persistent threat is on the decline. 

Today, the 2022 State of Ransomware Report was released by privileged access management (PAM) provider Delinea, in partnership with Censuswide. It surveyed 300 U.S.-based IT decision-makers and found that only 25% of organizations were victims of ransomware attacks over the past 12 months. 

This accounts for a 61% decline from the previous 12-month period, when 64% of organizations reported being victims. In addition, the report also found the number of companies paying ransoms declined from 82% to 68% during the study period. 

Although this is good news for enterprises, security leaders can’t afford to become complacent, as these attacks are still common enough to cause serious data breaches. 

Why organizations shouldn’t be complacent about ransomware 

Although it appears ransomware threats are on the decline, organizations can’t afford to let their guards down just yet, particularly when the average cost of a ransomware breach costs $4.5 million, and there’s potential for an uptick. 

“Ransomware is still a significant concern and threat to any organization, and some of the signs of complacency we saw evidenced in the survey research could be a harbinger of an increase in ransomware in 2023,” said Joseph Carson, chief security scientist and advisory CISO at Delinea. 

One such sign of complacency is the decrease in the number of organizations with incident response plans, dropping from 94% to 71%, which could make these companies less effective at responding to data beaches, and give threat actors more opportunities to exfiltrate critical data assets. 

Proactive measures to take

Instead of giving into complacency, organizations should remain prepared and continue to invest time and money into proactive security solutions 

“Organizations should take a more proactive approach to cybersecurity, in particular where they are most vulnerable to these types of attacks; namely identity and access controls,” Carson said. 

For Carson, this comes down to embracing the principle of least privilege, and enforcing it via password vaulting and multifactor authentication (MFA) so that enterprises can reduce their vulnerability to ransomware attacks. 

Other “after the fact” protections such as performing frequent data backups, having a comprehensive incident response plan, and investing in cyber insurance policies can also mitigate further risk.