Research Reveals Two-Thirds of Organizations Infected with Ransomware Multiple Times, with One-in-Five Infected More than Ten Times

AUSTIN, Texas--(BUSINESS WIRE)--Halcyon, the leading platform designed from day one to defeat ransomware, today released new research detailing the significant impact on businesses from ransomware attacks and data exfiltration over the past 24 months. According to the Ransomware and Data Extortion Business Risk Report, one-in-five (18%) suffered a ransomware infection 10 or more times in a 24-month period, one-in-five (18%) were infected 5-9 times, and 30% were infected 2-4 times.

Data exfiltration occurs in nearly every major ransomware attack today, and nearly two-thirds (60%) of respondents said that sensitive or regulated data was exfiltrated from their organization, with more than half (55%) reporting the attackers issued an additional ransom demand to protect the exfiltrated data. As well, 58% of victims reported that the loss of sensitive data put their organizations at additional risk of regulatory action and lawsuits.

“The C-suite and BoD need to recognize that most of these attacks today are basically data exfiltration attacks with some ransomware sprinkled in, and once the data is exfiltrated the damage is done,” said Jon Miller, CEO & Co-founder, Halcyon. “Data exfiltration, in many cases, is a bigger problem for the victim organization than the disruption to operations because, as the report highlights, even if an organization pays the ransomware demand, these criminals still have that data, putting victim organizations and their leadership at heightened risk of lawsuits and regulatory actions.”

The report also revealed a strong disconnect between perception and reality when it comes to prevention and resilience against ransomware and data extortion attacks. Fully 88% of respondents indicated they were somewhat or very confident their organizations’ current security deployments could disrupt an attack before a ransomware payload is delivered, and 85% were somewhat or very confident their organizations could quickly resume regular operations following a successful attack. Yet more than one-in-three (36%) were Infected 5 times or more over the two-year period.

Furthermore, 62% of organizations hit by ransomware reported a major disruption in operations, with 38% saying operations were disrupted for at least two months to more than six months. These findings clearly show that organizations are overly confident in their ability to defend against and quickly recover from ransomware attacks.

“The disconnect between perceived and actual risk is not helping organizations be more resilient to ransomware attacks,” said Anthony M. Freed, Director of Research and Communications, Halcyon. “While most respondents feel confident their current security deployments are adequate for both prevention and recovery, the data shows that the majority of attacks are nonetheless successful and victim organizations are struggling to get operations back up and running, which is what is driving up these post-attack recovery costs.”

Other key findings in the report include:

• In all cases, ransomware attackers successfully bypassed security prevention controls;
• Of the organizations that opted to pay a ransom demand, the majority (78%) said the attackers failed to provide a working decryptor or data was corrupted upon decryption;
• Fifty-nine percent of participants indicated incident response costs were more than $1 million;
• More than half (57%) said the attacks will have a negative impact long-term on their organization’s operations, competitiveness, profitability or overall viability;
• Of the organizations that have cyber insurance, two-in-five (39%) said their premiums increased significantly following a ransomware attack, while more than one-quarter (28%) said premiums increased slightly.

Research was conducted through an independent survey with responses from 913 directors-level or above and members of the security or IT teams that were targeted by a ransomware attack in the past 24 months.

To read the full report, please visit: www.halcyon.ai/blog/halcyon-ransomware-and-data-extortion-business-risk-report

ABOUT HALCYON

Halcyon is the leading anti-ransomware company. Global 2000 companies rely on the Halcyon platform to fill endpoint protection gaps and defeat ransomware with minimal business disruption through built-in bypass and evasion protection, key material capture and automated decryption, and exfiltration and extortion prevention.