TheCorporateCounsel.net

More than one-third of organizations worldwide have experienced a ransomware attack or breach in the last year, according to a survey announced recently by International Data Corporation. Thankfully, the incident rate is much lower in the US compared to the rest of the world – and the survey found that companies that are further along with their digital efforts are less likely to experience an event. That said, another attack on a sophisticated US company was also in the news earlier this month. The press release lays out some of the survey’s key findings:

– The incident rate was notably lower for companies based in the United States (7%) compared to the worldwide rate (37%).

– The Manufacturing and Finance industries reported the highest ransomware incident rates while the Transportation, Communication, and Utilities/Media industries reported the lowest rates.

– Only 13% of organizations reported experiencing a ransomware attack/breach and not paying a ransom.

– While the average ransom payment was almost a quarter million dollars, a few large ransom payments (more than $1 million) skewed the average.

Greater awareness of ransomware incidents has prompted organizations to undertake a variety of actions in response. These include reviewing and certifying security and data protection/recovery practices with partners and suppliers; periodically stress-testing cyber response procedures; and increased sharing of threat intelligence with other organizations and/or government agencies. Greater incident awareness has similarly prompted requests from boards of directors to review security practices and ransomware response procedures.

– Liz Dunshee