Halcyon: Ransomware and Data Extortion Business Risk Report

Halcyon published a new study detailing the significant impact on businesses from ransomware and data extortion attacks over the past 24 months. According to the Ransomware and Data Extortion Business Risk Report, one-in-five (18%) suffered a ransomware infection 10 or more times in a 24-month period, one-in-five (18%) were infected 5-9 times, and 30% were infected 2-4 times.

Data exfiltration occurs in nearly every major ransomware attack today, and nearly two-thirds (60%) of respondents said that sensitive or regulated data was exfiltrated from their organization, with more than half (55%) reporting the attackers issued an additional ransom demand to protect the exfiltrated data. As well, 58% of victims reported that the loss of sensitive data put their organizations at additional risk of regulatory action and lawsuits.

“The C-suite and BoD need to recognize that most of these attacks today are basically data exfiltration attacks with some ransomware sprinkled in, and once the data is exfiltrated the damage is done,” said Jon Miller, CEO & Co-founder, Halcyon.  

“Data exfiltration in many cases is a bigger problem for the victim organization than the disruption to operations because, as the report highlights, even if an organization pays the ransomware demand, these criminals still have that data, putting victim organizations and their leadership at heightened risk of lawsuits and regulatory actions.”

The study also revealed a strong disconnect between perception and reality when it comes to prevention and resilience against ransomware and data extortion attacks. Fully 88% of respondents indicated they were somewhat or very confident their organizations’ current security deployments could disrupt an attack before a ransomware payload is delivered, and 85% were somewhat or very confident their organizations could quickly resume regular operations following a successful attack. Yet more than one-in-three (36%) were Infected 5 times or more over the two-year period.

Furthermore, 62% of organizations hit by ransomware reported a major disruption in operations, with 38% saying operations were disrupted for at least two months to more than six months. These findings clearly show that organizations are overly confident in their ability to defend against and quickly recover from ransomware attacks.

Other key findings in the report include:

• All organizations were running some combination of prevention tools when they were victimized in a successful ransomware attack;
• Of the organizations that opted to pay a ransom demand, the majority (78%) said the attackers failed to provide a decryption key or data was corrupted upon decryption;
• 59% of respondents indicated the total cost for remediation (incident response only) cost their organization more than $1 million
• More than half (57%) said the attacks will have a negative impact long-term on their organization’s operations, competitiveness, profitability or overall viability;
• Of the organizations that have cyber insurance, two-in-five (39%) said their premiums increased significantly following a ransomware attack, while more than one-quarter (28%) said premiums increased slightly.

“The disconnect between perceived and actual risk is not helping organizations be more resilient to ransomware attacks,” said Anthony M. Freed, Halcyon Director of Research and Communications.  

“While most respondents feel confident their current security deployments are adequate for both prevention and recovery, the data shows that the majority of attacks are nonetheless successful and victim organizations are struggling to get operations back up and running, which is what is driving up these post-attack recovery costs.”

Research was conducted through an independent survey with responses from 913 US-based directors-level or above and members of the security or IT teams at organizations that were targeted by a ransomware attack in the past 24 months.