Nearly Two-Third of Ransomware Victims Paid Ransoms Last Year, Finds “2022 CyberThreat Defense Report”
Record-setting Ransomware Attacks, a Shortage of Skilled Personnel, and Low Security Awareness Across the WorkforceCause Headaches for IT Security Teams
Annapolis, MD – April 4, 2022 – CyberEdge Group, a leading research and marketing firm serving the cybersecurity industry’s top vendors, today announced the launch of its ninth annual Cyberthreat Defense Report (CDR). The award-winning CDR is the standard for assessing organizations’ security posture, gauging perceptions of information technology (IT) security professionals, and ascertaining current and planned investments in IT security infrastructure – across all industries and geographic regions.
Funding the ransomware industry
A record 71% of organizations were impacted by successful ransomware attacks last year, according to the 2022 CDR, up from 55% in 2017. Of those that were victimized, nearly two-thirds (63%) paid the requested ransom, up from 39% in 2017.
As to why more organizations today, like Colonial Pipeline, CNA Financial, and JBS Holdings, are pay ransoms, CyberEdge offers three explanations:
- Threat of exposing exfiltrated data. Most modern ransomware attacks not only encrypt compromised data, but also exfiltrate it. Failure to pay a ransom can, and has, resulted in public exposure of highly sensitive data, to the embarrassment of its victims.
- Lower cost of recovery. Many organizations conclude that paying a ransom is significantly less costly than enduring the high cost of system downtime, customer disruptions, and potential lawsuits stemming from publicly exposed confidential data.
- Increased confidence for data recovery. Nearly three-quarters (72%) of ransom-paying victims recovered their data last year, up from 49% in 2017. This increased confidence for successful data recovery is often factored into the ransom-paying decision.
“These days, being victimized by ransomware is more of a question of ‘when’ than ‘if,’” says Steve Piper, founder and CEO of CyberEdge Group. “Deciding whether to pay a ransom is not easy. But if you plan ahead, and plan carefully, that decision can be made well in advance of a ransomware attack. At the very least, a decision framework should be in place so precious time isn’t wasted as the ransom payment deadline approaches.”
People problems persist
Each year, CyberEdge asks respondents to rate potential inhibitors that prevent them from adequately defending their organizations from cyberthreats. This year, “lack of skilled personnel” and “low security awareness among employees” were the highest-rated concerns, as they have been for the last three years. In other words, the two biggest persistent problems are not budget or technology-related, but rather people-related.
According to this year’s CDR, 84% of responding organizations are experiencing a shortfall of skilled IT security personnel. IT security administrators (41%), IT security analysts (33%), and IT security architects (32%) are in greatest demand. Additionally, too many organizations teach their employees how to evade email- and web-based cyberthreats when they’re hired but don’t follow up with additional, periodic training to reinforce those lessons learned. This oversight poses an enormous risk to organizations, as most data breaches stem from inadequately trained employees.
Additional key findings
The 2022 CDR yielded dozens of additional insights, including:
- Increased security spending. A whopping 83% of responding organizations are experiencing growth in their security budgets, up from 78% last year. The average security budget has grown by 4.6% in 2022, up from 4.0% in 2021.
- Hottest security tech for 2022. CyberEdge tracks current and planned investments by security organizations across five technology categories. Among the most sought-after security technologies in 2022 are next-generation firewalls (network security), deception technology (endpoint security), bot management (application and data security), advanced security analytics (security management and operations), and biometrics (identity and access management).
- This year’s weakest links. Mobile devices, industrial control systems/supervisory control and data acquisition (ICS/SCADA) devices, and Internet of Things (IoT) devices top this year’s list of the IT components that are most challenging to secure.
- Watch those APIs. Solutions to protect application programming interfaces (APIs) are embraced by nearly two-thirds (64%) of organizations.
- PII and credentials at risk. Among web and mobile application attacks, personally identifiable information (PII) harvesting and account takeover (ATO) attacks are the most prevalent and concerning.
- Hybrid cloud security headaches. “Detecting unauthorized application usage” (46%) and “detecting and responding to cyberthreats” (45%) top the list of hybrid cloud security challenges.
- Specialty certifications in demand. Nearly all (99%) of the research participants agreed that achieving an IT security specialty certification would boost their careers. Cloud security and software security topped the list of specialty certifications in highest demand.
- Integrating app and data security. “Improved cloud security posture’ and “enhanced security incident investigations” were cited as the top benefits achieved by integrating application and data security into a unified platform.
- Protecting work from home (WFH). To safeguard employees working at home, security teams are relying on anti-virus and VPN products, as well as SD-WAN, network access control (NAC), and mobile device management (MDM) solutions.
- Embracing emerging technologies. The vast majority of organizations have embraced emerging security technologies such as SD-WAN (82%), zero trust network architectures (77%), and security access service edge (SASE) (73%).
About the CDR
In November 2021, 1,200 IT security decision makers and practitioners completed a 27-question online survey. Each participant was employed by a commercial or government entity with a minimum of 500 employees. Participants came from six geographic regions: North America, Europe, Asia Pacific, the Middle East, Latin America, and Africa.
The CDR gauges perceptions about cyberthreats and ascertains future plans for improving security and reducing risk. It empowers IT security professionals to benchmark their company’s security posture, operating budget, product investments, and best practices against peers in their industry and geographic region.
The 2022 CDR is supported by leading information security vendors:
- Platinum sponsors: (ISC)2, Gigamon, Imperva, Menlo Security, PerimeterX, and ThreatX
- Gold sponsors: Aqua Security, Attivo Networks, ConnectWise, Delinea, LookingGlass, Netsurion, and PhishLabs
- Silver sponsors: Agari, Binary Defense, Drawbridge, Eclypsium, Netwrix, SailPoint, and Telos
The 2022 Cyberthreat Defense Report is available from all sponsors or by visiting the CyberEdge Group website at www.cyber-edge.com/cdr.