Skip to main content

Report: 85% of companies experience at least one ransomware attack per year

Computer being hacked in dark office
Image Credit: Getty Images

Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and achieve efficiency by upskilling and scaling citizen developers. Watch now.


A new study from ExtraHop shows a major discrepancy between perception versus reality — 77% of IT decision-makers (ITDMs) said they were very or completely confident in their company’s ability to prevent or mitigate cybersecurity threats, yet 64% admit that their own cybersecurity incidents are the result of their own outdated IT security plans.

When the pandemic hit and organizations switched to a work from home (WFH) model, many also took the opportunity to modernize their IT infrastructures, finally decommissioning old on-premises applications and replacing them with new SaaS applications or other solutions. Unfortunately, they didn’t modernize their protocol use — leading to some misplaced confidence. Sixty-nine percent are transmitting sensitive data over unencrypted HTTP connections instead of more secure HTTPS connections. Another 68% are still running SMBv1, the protocol that WannaCry and NotPetya ransomware variants use to infect corporate networks. 

The frequency of ransomware attacks over the past few years has only made this discrepancy worse. Eighty-five percent of companies are, on average, experiencing at least one ransomware attack per year, and 74% have experienced multiple attacks.

Another surprising takeaway: most companies admitted to paying the ransom when hit. Seventy-two percent of respondents admitted to paying a ransom, while 42% of companies that suffered a ransomware attack said they paid the ransom demanded most or all of the time.

Event

Intelligent Security Summit

Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.

Register Now

Despite this being discouraged by the FBI, many organizations choose to make the payment to minimize the cost, which includes business downtime and end-user downtime. 

The survey of 500 security and IT decision-makers in the U.S., U.K., France, and Germany was conducted by Wakefield Research and sponsored by ExtraHop. Survey participants came from a wide range of industries, including financial services, healthcare, manufacturing and retail, and worked at companies of varying sizes, including companies with annual revenue exceeding $50 million.

Read the full report by ExtraHop.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.