Whichever way you look at the data, it is considerably cheaper to use backups to recover from a ransomware attack than to pay the ransom. The median recovery cost for those that use backups is half the cost incurred by those that paid the ransom, according to a recent study. Similarly, the mean recovery cost is almost $1 million lower for those that used backups. Despite this fact, the use of backups is actually falling.

This was one of the most prominent findings in the recent Sophos State of Ransomware survey. Let’s take a closer look at the report’s conclusions.

The state of ransomware

Sophos recently published an independent, vendor-agnostic report about the impact of ransomware worldwide. The survey included 3,000 IT and cybersecurity leaders in organizations with between 100 and 5,000 employees across 14 countries in the Americas, EMEA and Asia Pacific. The study was conducted between January and March 2023, and the participants responded based on their experiences over the past year.

According to the report, the rate of attacks stayed constant, with 66% of respondents reporting that they were hit by ransomware during the last year. In 2022, respondents reported the exact same percentage. While this might be a good sign, it’s notable that in 2021 the rate was only 37%.

Does size matter?

The Sophos study revealed a distinct correlation between annual revenue and the chances of being a victim of ransomware. For companies with revenue of $10 to $50 million, 56% experienced a ransomware attack in the last year. Meanwhile, 72% of those with revenue of $5 billion or more were victims of ransomware.

Surprisingly, there was no strong relationship between ransomware attacks and company headcount. The rate of ransomware attacks was consistent, with 62-63% of companies of all sizes experiencing ransomware incidents. The only exception was that companies with 1,001 to 3,000 employees had a 73% rate. One might think that larger workforces would lead to more attacks as the attack surface is larger, but this study did not find that to be the case.

Root causes of ransomware attacks

What are the most common causes of ransomware attacks? Exploited vulnerabilities came in at the number one spot. Here’s a breakdown of the most common causes of ransomware found in the Sophos report:

  • Exploited vulnerability: 36%
  • Compromised credentials: 29%
  • Malicious email: 18%
  • Phishing: 13%
  • Brute force attack: 3%
  • Download: 1%.

The media, leisure and entertainment sector saw the highest percentage of attacks due to exploited vulnerability (55%), revealing widespread security gaps in this area. Meanwhile, central and federal government organizations had the highest percentage of attacks attributed to compromised credentials (41%). IT, technology and telecoms reported the lowest attack rates for both exploited vulnerabilities (22%) and compromised credentials (22%).

While tech brands may have a more robust cyber defense, they also reported the highest rates of email-based attacks. For technology companies, over half of the attacks (51%) came from users’ inboxes.

Read the ransomware guide

Rate of data encryption and data theft

Apparently, adversaries are getting better at encrypting data, as per the Sophos survey. Over the last year, 76% of those who faced an attack had their data encrypted by ransomware. This is an 11% increase compared to the previous year. According to Sophos, “This likely reflects the ever-increasing skill level of adversaries who continue to innovate and refine their approaches.”

The rate of data encryption is high across all industries except one. The highest frequency of data encryption (92%) was reported by business and professional services. But in IT, technology and telecoms, adversaries achieved data encryption in only 47% of attacks.

In nearly a third (30%) of attacks where data was encrypted, data was also stolen. This approach enables attackers to increase their chances of cashing in on their efforts. The secondary threat of making stolen data public, called double extortion, is leveraged by the threat of selling data on dark web marketplaces.

Data recovery

According to Sophos’ data, the majority (97%) of organizations that had data encrypted recovered their data. Backups were the most common approach, used in 70% of recovery efforts. However, nearly half of those surveyed (46%) paid a ransom to get their data back. Overall, 21% of ransomware victims used multiple methods to restore their data. And only 1% of organizations paid the ransom and didn’t get data back.

Despite the proven benefit, the use of data backups has dropped in the last year from 73% to 70%. Meanwhile, ransom payment rates have remained steady.

The impact of cyber insurance

The Sophos study also revealed important aspects of cyber insurance beyond the financial aspect. Insured organizations were considerably more likely to recover encrypted data than those without such policies. Essentially, any type of cyber coverage helped. Those with standalone policies (98%) and those with wider insurance coverage (97%) got their data back. Meanwhile, only 84% of those without a cyber policy were able to get encrypted data back.

What explains this difference? As per Sophos, cyber insurers typically require policyholders to have backups and recovery plans as conditions of coverage. Also, insurance companies will guide ransomware victims after an attack to improve outcomes. Lastly, organizations with cyber insurance are more likely to pay a ransom to recover data than those without a policy.

Ransomware recovery costs and business impact

Excluding ransoms paid, organizations reported an estimated mean cost to recover from ransomware attacks of $1.82 million. This total increased from $1.4 million in 2022.

One of the most striking findings in the study was how backups impacted recovery costs. It is significantly cheaper to use backups to recover from an attack than to pay the ransom. The median recovery cost for those that used backups ($375,000) is half the cost incurred by those that paid the ransom ($750,000), as per Sophos. Furthermore, the mean recovery cost is almost $1 million less for those that used backups.

Keep your backups

The Sophos report confirms that ransomware continues to plague nearly every industry in a significant way, and cybersecurity professionals have plenty of work to do. The report’s findings should strongly encourage organizations to use data backups as part of their overall anti-ransomware strategy — or risk the consequences.

More from Data Protection

How governance, risk and compliance (GRC) addresses growing data liability concerns

4 min read - In an era where businesses increasingly rely on artificial intelligence (AI) and advanced data capabilities, the effectiveness of IT services is more critical than ever. Yet despite the advancements in technology, business leaders are increasingly dissatisfied with their IT departments.According to a study by IBM's Institute for Business Value, confidence in the effectiveness of basic IT services among top executives has significantly declined. While AI promises transformational capabilities, particularly generative artificial intelligence (gen AI), the road to realizing these benefits…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Ransomware on the rise: Healthcare industry attack trends 2024

4 min read - According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today