One in five businesses have paid or would pay a ransom for their data

One in five businesses have paid or would pay a ransom for their data

New research from Thales has found that malware, ransomware and phishing continues to plague global organisations. In fact, one in five (21%) have experienced a ransomware attack in the last year, with 43% of those experiencing a significant impact on operations.

First seen in the late 1980s, with the PC Cyborg Virus, the frequency and impact of ransomware attacks have now accelerated, due to the rise of cryptocurrency as the preferred ransomware payment method. In fact, the 2022 Thales Data Threat Report –conducted by 451 Research, part of S&P Global Market Intelligence, including more than 2,700 IT decision-makers worldwide – found a fifth (22%) of organisations have admitted that they have paid or would pay a ransom for their data. Despite this, 41% of respondents said they had no plans to change security spending, even with greater ransomware impacts.

Additionally, less than half of respondents (48%) have implemented a formal ransomware plan. Healthcare was the most prepared at 57% with a formal ransomware plan; energy was the least at 44%. Despite both sectors experiencing significant breaches over the past 12 months. 

Data visibility is a challenge

As more companies adopt multicloud strategies and hybrid work remains the norm, IT leaders continue to be challenged by the sprawl of data across their organisations and find it more difficult to locate all of their data. Just over half (56%) of IT leaders were very confident or had complete knowledge of where their data was being stored – down from 64% the previous year – and only a quarter (25%) stated they were able to classify all their data. 

Threats and compliance challenges

Throughout 2021, security incidents remained high, with almost a third (29%) of businesses experiencing a breach in the past 12 months. Additionally, almost half (43%) of IT leaders admitted to having failed a compliance audit.

Globally, IT leaders ranked malware (56%), ransomware (53%) and phishing (40%) as the leading source of security attacks. Managing these risks is an ongoing challenge, with almost half (45%) of IT leaders reporting an increase in the volume, severity and/or scope of cyberattacks in the past 12 months.

The cloud is increasing complexity and risk

Cloud adoption is increasing with more than a third (34%) of respondents saying they used more than 50 Software-as-a-Service (SaaS) apps and 16% used more than 100 apps. However, 51% of IT leaders agreed that it is more complex to manage privacy and data protection regulations in a cloud environment than in on-premises networks within their organisation, up from 46% last year.

The 2022 Data Threat Report also revealed significant momentum amongst businesses to store data in the cloud, with 32% of respondents stating that around half of their workloads and data resides in external clouds and a quarter (23%) reporting more than 60%. However, 44% reported that they had experienced a breach or failed an audit in their cloud environments. 

Browse our latest issue

Intelligent CISO

View Magazine Archive