A survey reveals that a false sense of confidence leaves organizations vulnerable to cyber threats and on the hook for ransomware payments.

An overwhelming majority of organizations paid ransomware last year


A survey reveals that a false sense of confidence leaves organizations vulnerable to cyberthreats

Key points:

Organizations are generally ill-equipped to manage and mitigate their cyber risk following a significant increase in ransomware attacks and cybersecurity incident downtime, according to a survey from ExtraHop, a provider of cloud-native network detection and response.

The third annual Global Cyber Confidence Index, conducted by Censuswide, found that an overwhelming majority (88 percent) of IT and cybersecurity decision makers said they are confident in their organizations’ ability to manage cyber risk, but most acknowledged that they are frequently the victim of ongoing threats and are falling behind when it comes to identifying and remediating threats.

Amid a recent onslaught of attacks against the world’s most profitable industries and critical infrastructures, and regulatory bodies like the SEC tightening compliance rules, understanding an organization’s ability to effectively manage cyber risk is more critical than ever before.

Key insights from the report include:

Cyberattackers are raking in ransomware payments

Nearly one in four (22 percent) respondents deemed ransomware the biggest risk to their organization–an unsurprising finding as about half say they are still running at least one insecure network protocol that threat actors are known to exploit in ransomware attacks. Highlighting this concern, 58 percent said they experienced six or more ransomware incidents in 2023 (up 32 percent year over year). On the heels of BlackCat’s attack on Change Healthcare, healthcare was among the top industries impacted by ransomware, with organizations averaging nine incidents each last year.

Of those surveyed, almost all that experienced a ransomware attack paid up; in 2023, 91 percent paid the ransom, compared to 83 percent in 2023 and 72 percent in 2022. On average, the research found ransomware payments alone cost nearly $2.5 million per organization in the last year–before adding in the unrealized costs associated with remediation.

Downtime is draining organizations of their time and money

When discussing the impact cybersecurity pitfalls have on their businesses, respondents said they averaged 56 hours of downtime following a security incident last year. Downtime for industrial companies hit slightly higher at 58 hours, and, with recent research calculating the median cost of industrial downtime at nearly $125,000 per hour, these companies could lose upwards of $7.25 million per incident.

The largest organizations surveyed (5,000+ employees) experienced the most downtime at nearly 62 hours on average per incident. Globally, France led downtime at 68 hours, followed by the United States (63 hours) and Australia (62 hours).

Organizations are putting their faith in AI

Organizations are overwhelmed by a multitude of barriers holding them back from effectively managing cyber risk, citing immature risk management processes (21 percent), the inability to catch up in a fast-paced industry (18 percent), a lack of alignment between the cybersecurity organization and the business (16 percent), outdated technology (15 percent), insufficient personnel resources (14 percent), and insufficient budgets (13 percent).

In response to this widespread set of unique challenges, more than a third (38 percent) of respondents agree using AI and machine learning to help manage and mitigate cyber risk is a top priority for their organization this year.

“Cyber risks are inevitable and no single organization is immune to the threat bad actors pose to their business,” said Raja Mukerji, co-founder and chief scientist at ExtraHop. “With ransomware and downtime on the rise and ripple effects being felt throughout entire organizations, leaders are recognizing an inherent need to prioritize cybersecurity, and, better yet, business resilience. With greater visibility into and awareness of the current threat landscape, they can better identify their weaknesses, shore up their defenses, and develop an action plan that keeps disruption to employees, customers, and other stakeholders to a minimum.”

This press release originally appeared online.

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Laura Ascione

IT Campus Leadership

Your source for IT solutions and innovations to support campus-wide success. Weekly on Wednesday.

  • Hidden
  • Hidden
  • Please enter your work email address.
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • Hidden
  • This field is for validation purposes and should be left unchanged.

Sign up for our newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.