The data from one small international survey points to gaps in perceptions and processes that led to some even paying ransoms
In a recent ransomware survey conducted among 569 cybersecurity leaders from 31 different locations around the world (including the United States, United Kingdom, France, India, and Japan) from industries such as manufacturing (29%), technology (19%), transportation (12%) and healthcare (11%), a large disconnect was discerned from respondents’ cited level of preparedness versus actual ability to stop a ransomware attack.
Although 78% of respondents stated they were “very” or “extremely” prepared to mitigate an attack, the survey found 50% fell victim to ransomware in the last year, and almost half were targeted two or more times.
Also, despite 72% of respondents citing that they were detecting an incident within hours (sometimes minutes), the percentage of respondents ending paying “some form of ransom payments” remained high, at almost 75%.
Across industries represented by the respondents, those in the manufacturing sector received higher ransoms and were more likely to pay the fee. Specifically, around 25% of attacks among respondents in the manufacturing industry received a ransom of US$1m or higher.
Finally, 88% of respondents reported being covered by cyber insurance, although “almost 40%” cited that they did not receive as much coverage as expected and, in some cases, did not receive any “because of an exception from the insurer”.
According to John Maddison, CMO and EVP Products, Fortinet, which conducted the survey, although three out of four respondents detected ransomware attacks early, half still fell victim to them. “These results demonstrate the urgency to move beyond simple detection to real-time response. However, this is only part of the solution as organizations (polled) cited the top challenges in preventing attacks were related to their people and processes. A holistic approach to cybersecurity that goes beyond investing in essential technologies and prioritizes training is essential.”