Nearly one third of organisations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months, according to a new survey.

For those that fell victim to ransomware, it is not uncommon to have experienced multiple ransomware events, said a International Data Corporation (IDC) survey.

Advertisement

“Ransomware has become the enemy of the day; the threat that was first feared on Pennsylvania Avenue and subsequently detested on Wall Street is now the topic of conversation on Main Street,” said Frank Dickson, programme vice president, Cybersecurity Products at IDC.

“As the greed of cyber-miscreants has been fed, ransomware has evolved in sophistication, moving laterally, elevating privileges, actively evading detection, exfiltrating data, and leveraging multifaceted extortion. Welcome to digital transformation’s dark side,” he added.

The incident rate was notably lower for companies based in the US (7 per cent) compared to the worldwide rate (37 per cent).

The manufacturing and finance industries reported the highest ransomware incident rates while the transportation, communication, and utilities/media industries reported the lowest rates.

“Only 13 per cent of organisations reported experiencing a ransomware attack/breach and not paying a ransom,” the findings showed.

While the average ransom payment was almost a quarter million dollars, a few large ransom payments (more than $1 million) skewed the average.

The results also showed that organisations that are further along in their digital transformation (DX) efforts were less likely to have experienced a ransomware event.

“These are organisations that have committed to a long-term DX investment plan with a multi-year approach tied to enterprise strategy,” the survey showed.