One international survey found that such respondents’ firms tended not to have learned cyber lessons from their first incident

In a Dec 2022 ransomware survey of 1,350 IT personnel (managers, senior security managers, and senior IT and IT security decision-makers) across the USA, EMEA and APAC regions (Australia, India) in firms (100 to 2,500 employees) from a wide range of industries, certain trends were discerned among organizations that had suffered more than one ransomware attack in the past.

While 73% of respondents reported having been hit with at least one ransomware attack in 2022, 38% had indicated they had been hit at least twice.

Respondents of repeat ransomware attacks were more likely to indicate they had paid the ransom (42%), compared to 31% of victims that had reported only a single attack at the time of the survey. The former group of respondent were also less likely to indicate the use a data backup system to help them recover.

Other findings:

    • 27% of respondents indicated they were not fully prepared to deal with a ransomware attack.
    • 69% of respondents indicated that the ransomware attack they suffered had started with a malicious email, web application or via network traffic — in order of commonality.
    • In terms of the type of industries targeted, there were significant variations: 98% of respondents from consumer services, and 85% from energy, oil/gas, and utility organizations, experienced at least one ransomware attack. Respondents from the energy, oil/gas and utility industry were also the most likely to report suffering from two or more ransomware incidents.
    • 77% of respondents whose firms were covered by cyber insurance were hit with at least one successful ransomware attack, compared to 65% without cyber insurance.
    • The widespread availability of low cost, accessible attack tools through Ransomware-as-a-Service offerings were attributable to the number of respondents affected by ransomware attacks in the 2022 survey period

According to Mark Lukie, Director of Solution Architects, Barracuda (APAC), which commissioned the survey: “The relatively high proportion of repeat victims suggests that security gaps (were) not fully addressed after the first incident,” suggesting that such organizations need to defend themselves with “deep, multilayered security technologies that include advanced email protection and backup as well as threat hunting and XDR capabilities.”