Practically Two-Thirds of Ransomware Victims Paid Ransoms Final Yr, Finds “2022 Cyberthreat Protection Report”



Annapolis, MD – April 4, 2022 – CyberEdge Group, a number one analysis and advertising agency serving the cybersecurity trade’s high distributors, immediately introduced the launch of its ninth annual Cyberthreat Protection Report (CDR). The award-winning CDR is the usual for assessing organizations’ safety posture, gauging perceptions of data know-how (IT) safety professionals, and ascertaining present and deliberate investments in IT safety infrastructure – throughout all industries and geographic areas.

Funding the ransomware trade

A report 71% of organizations have been impacted by profitable ransomware assaults final yr, in response to the 2022 CDR, up from 55% in 2017. Of people who have been victimized, practically two-thirds (63%) paid the requested ransom, up from 39% in 2017.

As to why extra organizations immediately, like Colonial Pipeline, CNA Monetary, and JBS Holdings, are paying ransoms, CyberEdge presents three explanations:

Risk of exposing exfiltrated knowledge. Most fashionable ransomware assaults not solely encrypt compromised knowledge, but additionally exfiltrate it. Failure to pay a ransom can, and has, resulted in public publicity of extremely delicate knowledge, to the embarrassment of its victims.

Decrease price of restoration. Many organizations conclude that paying a ransom is considerably less expensive than enduring the excessive price of system downtime, buyer disruptions, and potential lawsuits stemming from publicly uncovered confidential knowledge.

Elevated confidence for knowledge restoration. Practically three-quarters (72%) of ransom-paying victims recovered their knowledge final yr, up from 49% in 2017. This elevated confidence for profitable knowledge restoration is usually factored into the ransom-paying choice.

“Today, being victimized by ransomware is extra of a query of ‘when’ than ‘if,’” says Steve Piper, founder and CEO of CyberEdge Group. “Deciding whether or not to pay a ransom just isn’t straightforward. However should you plan forward, and plan rigorously, that call may be made nicely prematurely of a ransomware assault. On the very least, a choice framework needs to be in place so treasured time isn’t wasted because the ransom fee deadline approaches.”

Individuals issues persist

Annually, CyberEdge asks respondents to price potential inhibitors that forestall them from adequately defending their organizations from cyberthreats. This yr, “lack of expert personnel” and “low safety consciousness amongst staff” have been the highest-rated considerations, as they’ve been for the final three years. In different phrases, the 2 greatest persistent issues should not funds or technology-related, however quite people-related.

In response to this yr’s CDR, 84% of responding organizations are experiencing a shortfall of expert IT safety personnel. IT safety directors (41%), IT safety analysts (33%), and IT safety architects (32%) are in best demand. Moreover, too many organizations train their staff how one can evade email- and web-based cyberthreats after they’re employed however don’t comply with up with further, periodic coaching to bolster these classes realized. This oversight poses an infinite threat to organizations, as most knowledge breaches stem from inadequately educated staff.

Further key findings

The 2022 CDR yielded dozens of further insights, together with:

Elevated safety spending. A whopping 83% of responding organizations are experiencing progress of their safety budgets, up from 78% final yr. The typical safety funds has grown by 4.6% in 2022, up from 4.0% in 2021.

Hottest safety tech for 2022. CyberEdge tracks present and deliberate investments by safety organizations throughout 5 know-how classes. Among the many most sought-after safety applied sciences in 2022 are next-generation firewalls (community safety), deception know-how (endpoint safety), bot administration (utility and knowledge safety), superior safety analytics (safety administration and operations), and biometrics (identification and entry administration).

This yr’s weakest hyperlinks. Cell units, industrial management techniques/supervisory management and knowledge acquisition (ICS/SCADA) units, and Web of Issues (IoT) units high this yr’s listing of the IT parts which can be most difficult to safe.

Watch these APIs. Options to guard utility programming interfaces (APIs) are embraced by practically two-thirds (64%) of organizations.

PII and credentials in danger. Amongst net and cell utility assaults, personally identifiable info (PII) harvesting and account takeover (ATO) assaults are essentially the most prevalent and regarding.

Hybrid cloud safety complications. “Detecting unauthorized utility utilization” (46%) and “detecting and responding to cyberthreats” (45%) high the listing of hybrid cloud safety challenges.

Specialty certifications in demand. Practically all (99%) of the analysis members agreed that reaching an IT safety specialty certification would increase their careers. Cloud safety and software program safety topped the listing of specialty certifications in highest demand.

Integrating app and knowledge safety. “Improved cloud safety posture’ and “enhanced safety incident investigations” have been cited as the highest advantages achieved by integrating utility and knowledge safety right into a unified platform.

Defending do business from home (WFH). To safeguard staff working at dwelling, safety groups are counting on anti-virus and VPN merchandise, in addition to SD-WAN, community entry management (NAC), and cell gadget administration (MDM) options.

Embracing rising applied sciences. The overwhelming majority of organizations have embraced rising safety applied sciences corresponding to SD-WAN (82%), zero belief community architectures (77%), and safety entry service edge (SASE) (73%).

In regards to the CDR

In November 2021, 1,200 IT safety choice makers and practitioners accomplished a 27-question on-line survey. Every participant was employed by a business or authorities entity with a minimal of 500 staff. Individuals got here from six geographic areas: North America, Europe, Asia Pacific, the Center East, Latin America, and Africa.

The CDR gauges perceptions about cyberthreats and ascertains future plans for enhancing safety and lowering threat. It empowers IT safety professionals to benchmark their firm’s safety posture, working funds, product investments, and greatest practices towards friends of their trade and geographic area.

The 2022 CDR is supported by main info safety distributors:

· Platinum sponsors: (ISC)2, Gigamon, Imperva, Menlo Safety, PerimeterX, and ThreatX

· Gold sponsors: Aqua Safety, Attivo Networks, ConnectWise, Delinea, LookingGlass Cyber Options, Netsurion, and PhishLabs by HelpSystems

· Silver sponsors: Agari by HelpSystems, Binary Protection, Drawbridge, Eclypsium, Netwrix, SailPoint, and Telos Company

Now out there

The 2022 Cyberthreat Protection Report is obtainable from all sponsors or by visiting the CyberEdge Group web site at

Sarah Wiley

Account Coordinator

LaunchTech Communications

M: 301-800-8210

E: [email protected]