One survey for 2024 suggests that fewer respondents’ organizations had paid ransoms, possibly pointing to improved defenses and disaster preparedness levels.

Based on a survey of around 1,000 IT and security leaders* on ransomware matters, a cybersecurity firm has this week released some trends that were discerned from the 2024 data.

First, 69% of respondents had cited that their organizations had been attacked by ransomware, with 27% being repeat victims.

Second, 57% of respondents that had been involved in the attacks cited paying ransoms. In a similar survey for 2023, 76% had cited paying ransoms.

Other findings

Third, 85% of respondents hit with ransomware attacks had cited receiving threats that the stolen data would be exposed in the Dark Web. Also

  • 90% of respondents cited they were using AI in their ransomware defense strategies, primarily within Security Operations Centers (64%), for analysing Indicators of Compromise (62%), and to prevent phishing (51%)
  • 90% of respondents who were in executive roles cited concern over ransomware threats, with 34% enforcing least privilege access controls and 57% implementing application control measures.
  • 75% of respondents whose organizations had experienced a ransomware attack citing taking up to two week to resume full operations and recover
  • Attackers had used AI for automated phishing, deepfake impersonation, and accelerating attacks, according to non-quantitative data in the survey report

According to Art Gilliland, CEO, Delinea, the firm that disclosed its survey findings: “In order to combat the sophistication of today’s attacks, organizations must fight AI with AI and embrace proactive, identity security strategies like zero trust architecture, Privileged Access Management, and continuous credential monitoring to stay ahead.”

*located in multiple unspecified regions, with a focus on those in the US and the UK, including organizations in various industries (e.g., IT, healthcare, manufacturing) and of varying sizes: small (<49 employees, mid-sized (from 50 up to 500 employees , and enterprises (500+ employees). No details were supplied about the dates of the survey