According to Mimecast, more than 80 percent of global organizations have been hit by ransomware in the past two years, but executives still have a false sense of security about being able to prevent future attacks.
The email security company surveyed 742 cybersecurity professionals around the world to compile its latest report, Ransomware Readiness: Facing the Reality Gap.
The report shows that victim organizations in the United States pay a higher price for security breaches. The average ransom in the US is $6.3 million, compared to just $848,000 in the UK and $59,000 in Australia. On average, 39 percent of victims said they paid the fee.
However, the ransom itself is only one element of the financial loss and reputational risk that comes with a ransomware attack. Other factors cited by respondents included operational disruptions (42 percent), significant downtime (36 percent), lost revenue (28 percent) and churn of existing customers (21 percent).
Two-fifths (39 percent) of executives also claim that they could lose their jobs as a result of the attack, while a quarter (24 percent) believe that executives have changed since the breach.
However, despite this recognition, executives seem to be overconfident in their organization's ability to withstand attacks. About 83 percent of respondents believe they can get all their data back without paying a ransom, while more than three-quarters (77 percent) believe they can get back to normal operations in just five days.
Jonathan Miles, head of strategic intelligence and security research at Mimecast, said: "Ransomware attacks have never been so common, and threat actors are improving every day in terms of their sophistication and ease of deployment. ”
"Being defensively prepared in advance is key to combating these attacks. Cybersecurity leaders must continue to be proactive and work to improve processes. This report clearly shows that ransomware attacks come at a high cost, leaving cybercriminals with no incentive to slow down. ”
The report notes that the most common threat vector is listed as a malicious attachment in phishing emails (54%).
Many respondents believe their organizations need more advanced security (45 percent) and more frequent end-user training (46 percent) to combat threats.
![The hacked $4.4 million doesn't completely solve the problem, should this ransom be paid?[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)