2017 Ransomware Report from Cybersecurity Insiders

• Ransomware is the fastest growing security threat, perceived as a moderate or extreme threat by 80% of cybersecurity professionals.
  
  
• 75% of organizations affected by ransomware experienced up to five attacks in the last 12 months alone, 25% experienced 6 or more attacks.
  
  
• 79% predict ransomware to become a larger threat over the next 12 months. Only a small fraction of respondents say they would pay the ransom or negotiate with the attackers.
  
  
• 59% of organizations are either not confident at all or only slightly to moderately confident in their ransomware defense.
  
  
• Email and web use represent the most common ransomware infection vectors with employees opening malicious email attachments (73%), responding to a phishing email (54%) or visiting a compromised website (28%).
  
  
• The information most at risk from ransomware attacks is financial data (62%) followed by customer information (61%).
  
  
• From a solution perspective, the majority of identified ransomware attacks were detected through endpoint security tools (83%), email and web gateways (64%), and intrusion detection systems (46%).
  
  
• Security professionals rank user awareness training the most effective tactic to prevent and block ransomware (77%) followed by endpoint security solutions (73%), and patching of operating systems (72%) as preventive approaches to ransomware threats.
  
  
• Data backup and recovery (74%) is by far as the most effective solution to respond to a successful ransomware attack. 96% of respondents confirm they have a data backup and recovery strategy in place. A majority of 54% say they could recover from a successful ransomware attack within a day, while 39% estimate it will take more than one day to a few weeks to recover.
  
  
• Speed of recovery is absolutely mission-critical as business cost escalates with every hour the business cannot fully operate, causing system downtime (41%) and productivity loss (39%).
  
  
• Today’s main obstacles to stronger ransomware defense are all about resources and staying current on the latest ransomware exploits: lack of budget (52%), dealing with evolving sophistication of attacks (42%), and lack of human resources (33%). The silver lining: 60% of organizations expect their budget for ransomware security to increase.

View the full report here.