26 May 2021


Barely a week goes by where we don’t read a story in the news about a major organisation that has had its business crippled or brought to a grinding halt by a ransomware attack.

Given the explosion in the number of reported ransomware cases, it’s easy to see why that’s the case. In its 2020 mid-year threat landscape report, Bitdefender found that there had been a staggering seven-fold year-on-year increase in ransomware reporting last year.

Just a few weeks ago, Channel 9 was hit by a ransomware attack which forced it to take a number of shows off the air, including the NRL Sunday Footy Show. Even major tech companies, such as Software AG and Cognizant, have been hit with ransomware attacks that cost them an estimated $20 million and $50 million respectively. If organisations of that size, with that level of IT expertise, can be compromised, so could your business.

As these attacks become more sophisticated and debilitating, the cost to businesses that opt to pay the ransom has increased exponentially. According to statistics collected by threat researchers at Palo Alto Networks’ Unit 42, the average ransom paid by organisations in the US, Canada, and Europe has tripled from $115,123 in 2019 to $312,493 in 2020, and that upward trajectory is likely to continue when 2021’s figures come out at year’s end.

What’s worse is that most businesses are aware that there is an issue with their security preparedness but have failed to act upon it.

This was starkly evident in Veritas’ 2020 Ransomware Resiliency Report, which found that 64 percent of the businesses questioned in the global survey felt that security had not kept pace with the complexity of their IT infrastructure. At the same time, over half of all businesses (54 percent) reported flat or decreased funding for IT security during the Covid-19 epidemic, at the very time when threat actors are dramatically ramping up their activities.

Meanwhile, 66 percent of companies estimated that it would take them five or more days to fully recover from a ransomware attack if they didn’t pay the ransom. Now, imagine the cost to your business of five or more days of major disruption or complete inactivity. It doesn’t bear thinking about, but the reality is that it desperately needs to be thought about and acted upon.