Only half of ransomware victims recover data when paying

Only half of ransomware victims recover data when paying, a new survey has revealed [Image: hilllander via iStock]

Only half of companies that have been the victim of ransomware and paid the ransom recovered their data, according to a new study.

CyberEdge Group’s fifth annual Cyberthreat Defense Report found that 55 per cent of responding organisations reported being compromised by ransomware in 2017. This was down from 61 per cent in 2016.

For the first time in five years, according to the report, the percentage of companies affected by a successful cyber attack fell, dropping from 79 per cent in 2016 to 77 per cent in 2017. Furthermore, the number of organisations reporting being victimised by six or more successful attacks fell from 33 per cent in 2016 to 27 per cent in 2017.

The research also found that the number of companies with rising IT security budgets reached an all-time high this year, rising from 48 per cent in 2014 to 79 per cent in 2018. The average IT security budget is rising by 4.7 per cent in 2018, which now makes up 12 per cent of the overall IT budget.

According to the report, for the first time in five years, a lack of skilled professionals was a bigger factor than low security awareness among employees in IT security’s greatest obstacle to success. In 2018, four in five companies said they are experiencing an IT security skills shortage.

Steve Piper, chief executive of CyberEdge Group, said: “In 2017, 55 per cent of our respondents’ organisations were victimised by ransomware. Of those victims that refused to pay the ransom (61 per cent), the vast majority (87 per cent) recovered their data from backups.

“This just underscores how important it is to incorporate a sensible data backup strategy as part of an organisation’s cyber threat defense strategy.”