Ransomware: One in five would pay out for data

However, 41 percent of organisations have no plans to change their security spending

Posted 23 March 2022 by Christine Horton

A fifth (22 percent) of organisations have admitted that they have paid or would pay a ransom for their data.

Despite this, 41 percent of respondents said they had no plans to change security spending, even with greater ransomware impacts.

New research from Thales has found one in five (21 percent) of organisations have experienced a ransomware attack in the last year, with 43 percent of those experiencing a significant impact on operations.

The 2022 Thales Data Threat Report also shows that fewer than half of respondents (48 percent) have implemented a formal ransomware plan.

Healthcare was the most prepared at 57 percent with a formal ransomware plan; energy the least at 44 percent. Despite this, both sectors have experienced significant breaches over the past twelve months.

Data visibility is a challenge

As more companies adopt multicloud strategies and hybrid work remains the norm, IT leaders continue to be challenged by the sprawl of data across their organisations and find it more difficult to locate all of their data.

Just over half (56 percent) of IT leaders were very confident or had complete knowledge of where their data was being stored, down from 64 percent the previous year, and only a quarter (25 percent) stated they were able to classify all their data.

Threats & compliance challenges

Throughout 2021, security incidents remained high, with almost a third (29 percent) of businesses experiencing a breach in the past 12 months. Additionally, almost half (43 percent) of IT Leaders admitted to having failed a compliance audit.

Globally, IT leaders ranked malware (56 percent), ransomware (53 percent) and phishing (40 percent) as the leading source of security attacks. Managing these risks is an ongoing challenge, with almost half (45 percent) of IT leaders reporting an increase in the volume, severity and/or scope of cyberattacks in the past 12 months.

The cloud is increasing complexity & risk

Cloud adoption is increasing with more than a third (34 percent) of respondents saying they used more than 50 Software as a Service (SaaS) apps and 16 percent used more than 100 apps. However, 51 percent of IT leaders agreed that it is more complex to manage privacy and data protection regulations in a cloud environment than in on-premises networks within their organization, up from 46 percent last year.

The report also revealed significant momentum amongst businesses to store data in the cloud, with 32 percent of respondents stating that around half of their workloads and data resides in external clouds, and a quarter (23 percent) reporting more than 60 percent. However, 44 percent reported that they had experienced a breach or failed an audit in their cloud environments.

Additionally, the use of encryption to protect sensitive data is low, with only half of respondents (50 percent) disclosing that more than 40 percent of their sensitive data has been encrypted, and a fifth (22 percent) stating more than 60 percent. Representing a significant ongoing risk for businesses.

Remote work worries

Another full year of remote working demonstrated that navigating security risks is proving a significant challenge for businesses. Worryingly, the majority of businesses (79 percent) are still concerned about the security risks and threats that posed by remote working. Only half of IT leaders (55 percent) reported to have implemented multi factor authentication (MFA), a figure unchanged from the previous year.

Threats on the horizon

However, the report also showed that IT leaders have significant diversity of spending technology priorities – suggesting they are serious about tackling complex threat environments. A quarter (26 percent) stated that broad cloud security toolsets are the greatest future spending priority. Additionally, a similar number of IT leaders (25 percent) stated they were prioritising key management, with Zero Trust an important strategy for 23 percent.

IT leaders are also increasingly aware of the future challenges on the horizon. Looking ahead, when asked to identify security threats from quantum computing, 52 percent said they were concerned with ‘tomorrow’s decryption of today’s data’, a concern that will likely be intensified by the increasing complexity of cloud environments.

“As the pandemic continues to affect both our business and personal lives, any expectation of a ‘return’ to pre-pandemic conditions have faded,” said Sebastien Cano, SVP for cloud protection and licensing activities at Thales.

“Whilst teams around the world have continued to face challenges in securing their data, our findings indicate that urgent action is needed by businesses to develop more robust cybersecurity strategies. The attack surface, as well as the asset management challenges, are only set to increase in the coming year, and it is vital that businesses deploy a robust security strategy based on discovery, protection and control.”