Ransomware continues to pose a persistent threat to organizations and is the leading cause of disruptions in IT and downtime. According to the “Veeam 2024 Ransomware Trends Report,” 41% of data is compromised during a cyberattack. Furthermore, only 57% of this compromised data is recovered, leaving organizations vulnerable to significant information loss and a negative impact on their business operations.
Impact of ransomware on organization personnel
Cyberattacks not only affect an organization’s financial stability but also have a significant effect on teams and individuals. The report indicates that 45% of IT and security teams face increased pressure during a cyberattack. Additionally, 26% experience a decrease in productivity, and 25% face disruptions in internal or customer-related services.
These attacks increase workload and stress levels among employees. 45% of respondents mention an increase in workload post-attack, and 40% report an increase in stress levels, underscoring the need for effective cyberdefense strategies.
Insufficient organization preparation
Despite an increasing focus on cyberpreparedness, organizations continue to face misalignments between their security and IT teams. For the third consecutive year, approximately two-thirds (63%) of organizations consider their backup and IT teams to be out of sync. Moreover, 61% of security professionals and 75% of backup administrators believe that teams require “significant improvement” or a complete system overhaul.
Ransom does not guarantee recovery
For the third consecutive year, the majority (81%) of surveyed organizations paid the ransom to stop an attack and recover their data. However, one in three organizations that paid the ransom could not recover even after payment. More organizations “paid but could not recover” than those that “recovered without paying.”
Financial impact of ransomware
Contrary to the belief that having cyber insurance increases the likelihood of paying ransoms, Veeam’s research shows that only a minority of organizations had a policy for this purpose, and yet, 81% paid the ransom. Notably, 65% paid with insurance, and another 21% had insurance but paid without claiming. This implies that in 2023, 86% of organizations had insurance coverage that could have been used in the event of a cyberattack.
Paid ransoms represent only 32% of the total financial impact after an attack. Cyber insurance does not cover all costs associated with the attack; only 62% of the total impact is recoverable in some form, with the rest borne by the organization’s budget.
Importance of good backup
The most common component of a cyberpreparedness strategy is good backup. Although cybersecurity and backup teams are not always aligned, only 2% of organizations lacked an Incident Response Team (IRT), and only 3% had teams but without a manual of strategies.
Key findings from the Veeam 2024 Ransomware Trends Report
– Data vulnerability in the cloud and on-premises: Data in the cloud and physical facilities are equally vulnerable. There were no significant differences in the amount of data affected between data centers, remote offices, or public and private clouds.
– Risk of reintroducing infections: Almost two-thirds (63%) of organizations are at risk of reintroducing infections while recovering from ransomware attacks. Pressure to quickly restore operations leads many organizations to skip crucial steps, such as reanalyzing quarantined data.
– Ensuring data recoverability: As a lesson learned, 75% of organizations now use immutable local disks, and 85% use cloud storage with immutability capabilities. Half of global backup storage is immutable, highlighting the improvements made and the need to continue working on this aspect.
Ransomware remains one of the most significant threats to organizations globally. The need to be prepared and have effective recovery strategies is more urgent than ever.
Available for download in PDF on the Veeam website.