Illumio Research Reveals 58% of Companies Hit With Ransomware Have Been Forced to Halt Operations

Sunnyvale, California – January 28, 2024 – Ransomware attacks are disrupting and undermining business operations and draining revenue streams, according to new research from the Ponemon Institute, commissioned by Illumio, Inc., the leader in breach containment.

Findings from The Global Cost of Ransomware Study reveal that 58% of organizations had to shut down operations following a ransomware attack, up from 45% in 2021. Forty percent reported a significant loss of revenue (up from 22% in 2021); 41% lost customers; and 40% had to eliminate jobs.

The research examined the scope of ransomware threats confronting organizations and the measures being implemented to reduce the risks and their impacts. Key findings include:

• Attackers are reaching critical systems to cause maximum disruption: Ransomware attacks impacted 25% of critical systems, with systems down for 12 hours on average.

• Organizations continue to spend significant time and money containing ransomware: On average, it took 17.5 people, 132 hours each to contain and remediate their largest ransomware attack.

• Costs associated with reputation and brand damage now exceed those from legal and regulatory actions: 35% experienced significant brand damage from an attack (up from 21% in 2021).

• Failure to prioritize investments that boost resilience is costing businesses: 44% lack the ability to quickly identify and contain attacks, and only 27% have implemented microsegmentation – a vital control for stopping the spread of breaches.

“Ransomware is more pervasive and impactful than ever, with more organizations forced to suspend operations or experiencing major business failure because of attacks,” said Trevor Dearing, Director of Critical Infrastructure at Illumio. “Organizations need operational resilience and controls like microsegmentation that stop attackers from reaching critical systems. By containing attacks at the point of entry, organizations can protect critical systems and data, and save millions in downtime, lost business, and reputational damage.”

Cloud and hybrid environments remain weak links, with attackers exploiting unpatched systems

The increased connectivity of business systems and devices is making it harder for organizations to defend against ransomware attacks. Organizations perceive the cloud as being the most vulnerable, and 35% say a lack of visibility across hybrid environments makes it difficult to respond to ransomware attacks.

Desktops and laptops remain the most compromised devices (50%), with phishing and Remote Desktop Protocol (RDP) cited as top entry points for ransomware. Most attacks moved across the network to infect other devices. In over half of these cases (52%), attackers exploited unpatched systems to move laterally and escalate system privileges; up significantly from 33% in 2021.

Organizations are investing heavily in ransomware defense, but efforts are falling short

According to the research, nearly a third of IT budgets (29%) are allocated to staff and technologies meant to prevent, detect, contain, and resolve ransomware attacks, yet attacks are still successful. Eighty-eight percent of organizations have fallen victim to a ransomware attack, despite 54% being confident in their security posture.

Organizations are also taking a chance on ransomware recovery and failing. Fifty-two percent of respondents believe having a full and accurate backup is a sufficient defense against ransomware. Yet only 13% were able to recover all impacted data following a ransomware attack.

The report also found larger organizational challenges in defending against ransomware including:

• Ransomware reporting is still not happening: 72% of those that experienced a ransomware attack didn’t report it to law enforcement. Top reasons for not reporting include fear of publicizing the incident (39%); a payment deadline (38%); and fear of retaliation (38%).

• Employees are more security conscious, but still a weak link: 40% are confident in the ability of employees to detect social engineering lures (up from 30% in 2021), however, insider negligence is the top challenge when responding to ransomware attacks.

• Organizations are slow to adopt AI to combat ransomware: Only 42% have specifically adopted AI to help combat ransomware. More (51%) are concerned their organization may experience an AI-generated ransomware attack.

To learn more, download the full Global Cost of Ransomware Study here.

‍