This was one observation in a focused survey on such sectors across 31 countries.

A 2022 survey of 199 IT respondents from the state and local government sectors across 31 countries found that this group was 7% more likely to have had their data locked by cyberattackers than those in the private sector.

Only 20% of the state and local government organizations in the survey were able to stop the ransomware attack before data could be encrypted—much less than the cross-sector average of 31% in the larger group of 5,000+ respondents.

At the same time, however, the government sectors in the survey had some of the lowest attack rates in the 2021 period under study.

Additional findings

    • 58% of government organizations had suffered ransomware attacks, compared to 34% in a 2020 survey. This was a 70% increase.
    • 300% more money was involved in remediating attacks in the government organizations surveyed, compared to the average in non-government sectors.
    • 58% of data was recovered in the 2021 survey, compared to 70% in a similar survey in 2020. This was lower than the cross-sector average of 61%.

According to Chester Wisniewski, Principal Research Scientist, Sophos, which commissioned the survey, local and state government organizations in the survey have not been prime targets for ransomware attackers since, unlike traditional businesses, they are not at much liberty to use taxpayer monies to pay ransoms; and criminal groups are reticent to attract attention from law enforcement.

“However, when these organizations do get hit, they have little in the way of protection because they don’t have the budget for additional, in-depth cybersecurity support, including threat hunting teams or security operations centers. They spend far more on recovering and catching up with current security practices than they did on the actual ransom demand, should they have chosen to pay,” Wisniewski said.