Ransomware continues to hinder organisations – but UK leads the way in refusal to pay hackers

Cyber Confidence Survey reveals false sense of security felt by security and IT decision-makers despite prevalence of attacks

Posted 3 March 2022 by Christine Horton

New research shows a gap between the confidence of IT teams and the reality of the ransomware attack landscape.

The ExtraHop Cyber Confidence Index 2022 report shows three quarters (75 percent) of UK IT decision-makers (ITDMs) are very or extremely confident in their company’s ability to prevent or mitigate cybersecurity threats. Despite this confidence, 58 percent admit that half (or more) of their cybersecurity incidents are the result of their own outdated IT security postures, including widespread use of insecure and deprecated protocols, as well as growing numbers of unmanaged devices.

The report notes that this inflated confidence is even more dangerous in light of the frequency of ransomware attacks. Globally, 85 percent of respondents reported having suffered at least one ransomware attack, and 74 percent reported experiencing multiple incidents in the past five years.

Other survey findings

The cost of ransomware is high. Globally, 72 percent of respondents admitted to paying a hacker’s ransom on at least one occasion, whilst 42 percent of companies that suffered a ransomware attack said they paid the ransom most or all of the time. The UK was the most resistant in this regard, at 67 percent and 37 percent respectively, whilst the US was the most likely to give in to ransomware demands, at 79 percent and 52 percent.

While almost two-thirds (63 percent) of UK respondents agreed it was good to disclose attacks, only 32 percent said they were fully open about attacks and willing to make information available for public knowledge when they actually took place.

Ransomware attacks affect the entire organisation: 40 percent of respondents reported business downtime resulting from attacks on IT infrastructure, 43 percent reported business downtime resulting from attacks on OT infrastructure, such as medical devices and factory automation systems, and 40 percent reported end user downtime resulting from attacks targeting users.

When asked to identify their top challenges, 44 percent cited a lack of investment, 40 percent cited a lack of cooperation between their network, security, and cloud operations teams, 33 percent cited the long time required to train new hires, and 29 percent cited inadequate or overlapping tooling. In addition, 24 percent in the UK say the biggest disruption to their incident response is having too much data to find real insights. Compared to European data, both the UK and US appear to be lagging behind in investment, as 31 percent in France and 36 percent in Germany cite lack of investment as a key challenge.

Despite the shift to working from home, 67 percent of respondents acknowledged transmitting sensitive data over unencrypted HTTP connections instead of more secure HTTPS connections. Another 71 percent of UK respondents are still running SMBv1, the protocol exploited in major attacks like WannaCry and NotPetya, which led to more than $1 billion in damages worldwide. This is higher than the global average of 68 percent and the highest percentage of use in Europe.

“This research highlights the discrepancies between the reality of today’s sophisticated attack landscape and the overconfidence that many business leaders have in their ability to manage an attack,” said Jeff Costlow, CISO at ExtraHop. “Defenders need tools that can track attacker activity across cloud, on-premises, and remote environments so they can identify and stop an attack before they can compromise the business.”