In the annual OpenText report on cybersecurity and ransomware for 2024, an alarming landscape is highlighted: ransomware attacks continue to rise and artificial intelligence (AI) is enhancing the capabilities of cybercriminals. The global survey shows that both large enterprises and small and medium-sized enterprises (SMEs) are at increasing risk due to the increasingly sophisticated tactics of attackers, who are now using AI to make phishing attacks more effective and targeted.
The constantly growing ransomware threat
Nearly half of the respondents (48%) revealed that their company has experienced a ransomware attack in the past, and a staggering 73% suffered one this year. The cost for victims remains high, as 46% of affected organizations have paid the ransom, with 31% of these payments ranging from 1 to 5 million dollars. Although SMEs have been the most affected this year, these data emphasize the urgency for companies of all sizes to strengthen their defenses against ransomware.
Companies are improving their data recovery plans, with 39% conducting recovery tests frequently. Thanks to these measures, 97% of companies have successfully restored their data after an attack, indicating that, while the risk is high, there are tools and strategies to mitigate the impact.
Supply chain attacks in the spotlight
The OpenText study highlights that 91% of respondents fear ransomware attacks on their supply chain partners, especially after recent incidents that affected key providers such as Change Healthcare and CDK Global. These attacks have caused significant disruptions, and nearly half of companies are considering changing providers to reduce their vulnerability.
62% of companies that experienced a ransomware attack indicated that the attack originated from a supply chain partner. In response, 67% of companies plan to improve collaboration and security practices with their software providers in the next year. The implementation of regular security audits and advanced threat detection tools are considered essential to strengthen supply chain security.
The power of AI: a threat and an advantage
AI has become a double-edged sword in the field of cybersecurity. While it can help security teams automate responses and filter alerts, it is also aiding attackers, enhancing the effectiveness of phishing attacks. According to the survey, 45% of respondents reported an increase in phishing attempts due to the use of AI, and 69% of those who suffered ransomware attacks noticed an increase in this type of attack.
Furthermore, 55% of companies believe that the proliferation of AI among cybercriminals increases their vulnerability, underscoring the need to invest in defenses tailored to this new digital environment.
Investment in cybersecurity and readiness for attacks
Awareness of ransomware threats is growing, and regulation is a factor driving investments in defense against these attacks. 37% of respondents indicated that compliance requirements or cybersecurity insurance are key factors in increasing their investment in defense measures.
Currently, 72% of companies have cybersecurity insurance, and 66% prioritize cloud security. There has also been a significant increase in cybersecurity training, with 91% of companies requiring their employees to participate in security and phishing training programs. In 2024, 66% of companies provided this training at least once a quarter, compared to 39% in 2023.
A call for resilience: avoid ransom payment
Despite efforts and increased investments in cybersecurity, the OpenText report reveals that ransom payments remain a common practice. However, the company emphasizes that paying the ransom only perpetuates the problem and encourages organizations to rely on their resilience strategies to resist cybercriminals without giving in to their demands.