Ransomware attacks have nearly doubled since 2020, according to GetApp

STAMFORD, Conn.--(BUSINESS WIRE)--U.S. businesses are at high risk for data security threats from increasingly effective phishing attempts and the lack of procedures to restrict data access, according to GetApp’s 4th Annual Data Security Report. Newer companies are especially vulnerable to security threats. However, the report also identifies encouraging trends in regards to security budgets and training frequency.

This survey of IT security managers and employees reveals seven major trends in the data security threats facing U.S. businesses:

1. Phishing emails are on the rise, and so are the employees clicking the links.
   This year, 89% of companies surveyed report receiving a phishing email, a jump from 77% who said the same in 2021. What’s more concerning is the percentage of employees who click on phishing links, which has increased by 88% over the previous three years.
2. To fight back, businesses are implementing more phishing tests.
   Fortunately, businesses are fighting against the growing phishing attempts by implementing phishing tests among their workforce. The use of phishing tests has more than doubled since 2019 (30% vs. 70%).
3. Two-factor authentication is finally ubiquitous—just as attackers find new ways to defeat it.
   A majority (92%) of businesses in 2022 report using two-factor authentication (2FA) for at least some of their business applications. However, cybercriminals have found new ways to defeat 2FA. An area of weakness is MFA fatigue—threat actors repeatedly send victims authentication requests until they give in and grant access.
4. Businesses often give employees more access to data than necessary.
   Today’s most destructive cyberattacks rely on unrestricted data access privileges to infect and spread throughout business networks. Unfortunately, 68% of businesses allow employees more access to data than they need. And one in three businesses allow employees access to all company data.
5. Newer companies are more vulnerable to attacks.
   Mature companies tend to have well-developed policies and processes to thwart attacks. Companies with two or fewer years in business are nearly three times as likely to report a ransomware attack compared to those with 10 or more years in business.
6. Ransomware attacks have doubled, but fewer companies are paying the ransom.
   In the last two years, the total number of ransomware attacks has doubled while the rate of companies paying the ransom has steadily decreased. This finding can be attributed to more companies either successfully decrypting data and removing the malware or recovering from the attack by using a backup without paying a ransom.
7. Most companies have increased security budgets and awareness training.
   In the past three years, the number of companies scheduling semi-annual security awareness training has more than doubled. In the past year, nearly two in three (62%) companies have increased their security budgets as well.

Data is typically a company’s most valuable resource, and the effort put forth to protect it can mean the difference between success and failure. View the full report here to learn more about how businesses can remain vigilant as data security threats evolve and new ones emerge.

About GetApp
GetApp is the recommendation engine small businesses need to make the right software choice. GetApp enables SMBs to achieve their mission by delivering the tailored, data-driven recommendations and insights needed to make informed software purchasing decisions. For more information, visit www.getapp.com.