CFOtech Australia - Technology news for CFOs & financial decision-makers
IDC survey: Nearly 1/3 of data-ransomed businesses pay up
Tue, 27th Oct 2020

Almost one-in-three (29%) Australian and New Zealand organisations who fell victim to ransomware attacks in the past two years had paid off the criminal groups responsible to regain access to their data.

This is according to IDC's ANZ Ransomware Survey, August 2020, commissioned by cloud data management company Rubrik.

This finding and others were included in an IDC InfoBrief: Building business resiliency in Australia and New Zealand using a ransomware remediation backup strategy, sponsored by Rubrik.

The InfoBrief is based on the survey, which polled technology and business leaders from more than 150 Australian and New Zealand organisations across a range of industries.

The survey found 18% of ANZ businesses had fallen victim to a ransomware attack in the past 24 months.

From an industry perspective, the sectors hardest hit were banking, financial services, and insurance (BFSI), in which 29% of respondents said they had experienced a ransomware attack, followed by the transport (24%) and education (22%) sectors.

Respondents were bullish that they would not pay ransomware attackers, with only 6% saying their organisation would consider such a course of action if their data were compromised by ransomware, but the reality when confronted with an attack was very different.

Of those who had fallen victim to a ransomware attack, 29% of local organisations had paid off the attackers to regain access to their data.

This was prevalent in the BFSI (60%) and Government (33.3%) sectors.

Rubrik ANZ managing director Jamie Humphrey says the results are a sobering reminder of how important data is to business operations in the digital age.

“Unfortunately, faced with the prospect of either halting operations until data could be restored or paying criminal organisations to have their data returned, a significant number of local businesses thought they had no choice but to pay those holding their data hostage,” he says.

“Ransomware attacks are not only becoming more common, they're becoming more sophisticated too – one-third of local businesses that fell victim to ransomware reported that their backup data was compromised during the attack.

“This shows how important immutable backups and mature backup regimes are to business resiliency. With a comprehensive backup strategy, operations can be up and running within an hour by simply restoring from a point-in-time before an attack without having to engage the criminals. Secure backups are the best data insurance policy businesses have against these insidious attacks.”

This sentiment was confirmed in the InfoBrief which found that 89% of ANZ businesses agreed that ransomware remediation was just as critical as prevention in an effective response strategy.

The findings are bolstered by the Australian Cyber Security Centre's latest Annual Cyber Threat Report, which not only found that ransomware had become one of the most significant threats facing Australian businesses and governments but also highlighted how “recovering from ransomware is almost impossible without comprehensive backups.”

Other key findings from the IDC InfoBrief include:

  • 80% of organisations in Australia and New Zealand agreed that the volume and severity of ransomware attacks had increased in the past 24 months, and 74% agreed the attacks were becoming harder to detect and remediate.
     
  • The three greatest challenges local organisations anticipated when recovering from a ransomware attack were speed of recovery (29%), reliability of data recovery (25%), and initial detection of the attack (21%).
     
  • One-third (33%) of ANZ organisations who fell victim to a ransomware attack took longer than a day to recover. Only 15% were able to remediate in less than an hour.
     
  • The three cybersecurity threats ANZ organisations reported having increased the most in the past 24 months were phishing (51%), ransomware (43%), and targeted social engineering (42%).