Cyberattack recovery cost surges to $2.73m in 2024 – Report
May 8, 2024
Joy Agwunobi
Leading cybersecurity firm Sophos has issued a warning about the growing impact of ransomware attacks on businesses worldwide. In its “State of Ransomware” report for 2024, the company reveals a sharp rise in the cost of recovery for businesses hit by cyberattacks, noting that it has risen to $2.73 million, up from $1.82 million last year.
The report, which was conducted between January and February 2024 and is based on comprehensive data from 5,000 cybersecurity/IT leaders in 14 countries across the Americas, EMEA and Asia Pacific, provides a vendor-agnostic perspective on the state of ransomware.
It showed a 500 percent increase in ransom payments by companies affected with ransomware in 2023. The report revealed that despite a decrease in ransomware attacks from 66 percent in 2022 to 59 percent in 2024, ransom demands were found to be escalating, with 63 percent exceeding $1m and 30 percent surpassing $5m.
The report stated that companies that paid the ransom reported an average payment of $2 million, up from $400,000 recorded in 2023. The report also found a trend among ransomware operators seeking substantial payoffs, with 63 percent of ransom demands at $1 million or more, and 30 percent demanding over $5 million.
According to the report, exploited vulnerabilities were the primary root cause of ransomware attacks for the second consecutive year, affecting 32 percent of organisations. Following closely behind were compromised credentials at 29 percent and malicious email at 23 percent.
It noted that victims whose attacks originated from vulnerabilities reported more severe impacts on their organisations, including higher rates of backup compromise (75 percent) and data encryption (67 percent), and a higher likelihood of paying the ransom (71 percent), compared to attacks initiated with compromised credentials. Additionally, organisations surveyed experienced greater financial and operational consequences, with an average recovery cost of $3.58 million, compared to $2.58 million for attacks originating from compromised credentials. The report added that a larger proportion of attacked organisations required more than a month to recover.
John Shier, chief technical officer of Sophos, said: “We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy.”
Shier noted that without ransomware, the cybercrime landscape would lack the diverse range of precursor threats and services that enable these attacks, adding that the skyrocketing costs of ransomware attacks belie the fact that this is an equal-opportunity crime.
He stressed that ransomware is an equal-opportunity crime, offering opportunities for cybercriminals of all skill levels, adding that while some groups target high-value ransoms, others opt for lower sums.