Delinea, a provider of privileged access management (PAM) solutions for seamless security, published its 2022 State of Ransomware Report today. Results find things may be looking up in the fight against ransomware. Cyber-attacks using the popular compromising tactic have declined significantly over the past 12 months compared to the previous year, and fewer companies are paying ransoms. Still, there are red flags in the annual report related to spending, planning and using cybersecurity tools available to combat ransomware.
The survey of 300 U.S.-based IT decision makers, conducted on Delinea’s behalf by Censuswide, found that only 25 percent of organizations were victims of ransomware attacks over the past 12 months, a stunning 61 percent decline from the previous 12-month period when 64 percent of organizations reported being victims. Furthermore, the number of victimized companies that paid the ransom declined from 82 percent to 68 percent, which could be a sign that warnings and recommendations from the FBI to not pay ransoms are being heeded. Larger companies are more likely to be victims of ransomware, as 56 percent of companies with 100 or more employees said they were victims of ransomware attacks.
Along with these positive results, the survey raises concerns that a potentially reduced threat could lead to complacency. Budget allocations for ransomware are in decline, as only 68 percent of those surveyed said they have an allocated budget to protect against ransomware versus 93 percent during the prior year. The number of companies with incident response plans also declined from 94 percent to 71 percent, and only half are taking proactive, proven steps to prevent ransomware attacks such as enforcing password best practices (51 percent) and using multi-factor authentication (50 percent).
“The reduction of ransomware attacks is an encouraging sign, but organizations need to make sure they keep their guard up against this constant, evolving threat,” said Art Gilliland, CEO of Delinea. “Staying vigilant by maintaining a strong least privilege approach backed by stronger password protection, authentication enforcement, and access controls can help continue this downward trend.”
The survey also revealed the consequences of ransomware attacks are more tangible, as more respondents acknowledged their companies lost revenue (56 percent) and customers (50 percent) compared to the previous year. Fewer organizations (43 percent) reported reputational damage from being victims of a ransomware attack.