Report: Orgs spend $6M to combat ransomware

Six million U.S. dollars. That is the average dollar figure spent annually by organizations on security tools and resources to combat ransomware attacks, one of the major takeaways in a new report from CBI, Check Point Technologies and Ponemon Institute.

That annual dollar figure is even more significant when you look at what organizations are spending per ransomware incident. The same report found that organizations are spending approximately $170,000 U.S. and allocating 14 staff members per incident, with each employee spending 190 hours on average on containment and remediation activities.

More money doesn’t equate to more confidence in the ability to mitigate an attack. In fact, the report found that only 32% of organizations surveyed said they are confident in their security controls, indicating the need to use more effective approaches to prevent ransomware attacks. One area to improve is an organization’s assessment of their third parties’ own security and privacy practices, as only 36% say they’re doing such an assessment at the moment.

Organizations are also quick to pay the ransom. A majority — 53% of those surveyed who experienced an attack – wound up paying, with the average payment around $1 million U.S. What was a primary reason for organizations not paying? Thirty-nine percent said they decided not to pay the ransom demands because they felt they had an effective data backup strategy.

So, despite the increased frequency and volume of ransomware attacks in recent years, are organizations taking notice and fostering real change in the way they approach these incidents? That remains up for debate.

The report surveyed 659 IT and IT security professionals in small to large-sized companies in the United States who hold responsibilities for containing ransomware infections within their organizations. 

Read the full report by CBI, Check Point Technologies and Ponemon Institute.