
The percentage of companies impacted by ransomware attacks has slightly declined from 75% to 69%, but the threat remains substantial, according to a report from Veeam.
This decrease is attributed to improved preparation and resilience practices, as well as increased collaboration between IT and security teams.
However, as ransomware attacks from both established groups and “lone wolf” actors proliferate, organisations must adopt proactive cyber resilience strategies to mitigate risks and recover more swiftly and effectively from incidents.
Veeam surveyed 1,300 organisations, 900 of which had experienced at least one ransomware attack resulting in encryption or exfiltration in the past 12 months.
Respondents comprised chief information security officers (CISOs) or executives with similar responsibilities, as well as security professionals and IT leaders from across the Americas, Europe, and Australia.
“Organisations are improving their defenses against cyber-attacks, yet seven out of 10 still experienced an attack in the past year. And of those attacked, only 10% recovered more than 90% of their data, while 57% recovered less than 50%,” said Anand Eswaran, CEO of Veeam.
Veeam found that in 2024, coordinated efforts by law enforcement agencies led to significant disruptions in major ransomware groups, such as LockBit and BlackCat. However, the rise of smaller groups and independent attackers has increased, necessitating ongoing vigilance.
The report notes a troubling trend toward exfiltration-only attacks, in which cybercriminals break into an organisation’s network but do not encrypt or lock the data. Instead, they focus on stealing sensitive information (personal data, financial records or intellectual property) and transferring it outside the organisation.
The total value of ransomware payments fell in 2024, with 36% of affected organisations opting not to pay a ransom. Of those that did pay, 82% paid less than the initial demand and 60% paid less than half of it, which the report cites as evidence of the value of robust recovery strategies.
New regulations and legal frameworks are discouraging ransom payments, with initiatives like the International Counter Ransomware Initiative urging organisations to strengthen their defenses rather than capitulate to attackers.
Enhanced communication between IT operations and security teams, along with partnerships with law enforcement and industry players, has proven vital in fortifying defenses against ransomware.
While organisations are allocating more resources to security and recovery efforts, there remains a significant gap in investment relative to the growing threat landscape.
Organisations that prioritise data resilience can recover from attacks up to seven times faster and experience significantly lower data loss rates. These successful organisations share several common attributes, including robust backup and recovery strategies, proactive security measures, and effective incident response plans.
The report emphasises the importance of shifting from reactive security to proactive cyber resilience strategies to meet the challenges of ransomware.
The report also encourages organisations to adopt the 3-2-1-1-0 data resilience rule, which calls for backups to be immutable and verified free of malware before restoration.
Pre-attack confidence among ransomware victims often doesn’t reflect reality, as 69% believed they were prepared before being attacked, while their confidence plummeted by over 20% afterward, revealing significant gaps in planning.
While 98% of respondents had a ransomware playbook, fewer than half of organisations included key technical elements in it, such as backup verifications and their frequency (44%) and a pre-defined “chain of command” (30%).
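As an added illustration (not code from the Veeam report or this article), the following Python check scores a set of backup copies against the 3-2-1-1-0 rule and against the backup-verification frequency point raised in the playbook findings. The copy metadata, the field names and the seven-day verification window are assumptions chosen for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

@dataclass
class BackupCopy:
    name: str
    media: str                        # e.g. "disk", "tape", "object-storage"
    offsite: bool                     # held outside the primary site
    immutable: bool                   # WORM/locked or offline: cannot be altered or deleted
    last_verified: Optional[datetime] # last successful restore test or integrity check
    verify_errors: int                # errors reported by that check

def check_3_2_1_1_0(copies: List[BackupCopy], now: datetime,
                    max_verify_age: timedelta = timedelta(days=7)) -> List[str]:
    """Return the rule parts a backup set violates; an empty list means compliant.
    The verification-age limit is an assumed policy value, not from the report."""
    problems = []
    if len(copies) < 3:
        problems.append(f"3: only {len(copies)} copies (need at least 3)")
    media = {c.media for c in copies}
    if len(media) < 2:
        problems.append(f"2: all copies on one media type ({', '.join(media) or 'none'})")
    if not any(c.offsite for c in copies):
        problems.append("1: no off-site copy")
    if not any(c.immutable for c in copies):
        problems.append("1: no immutable/offline copy")
    for c in copies:  # the "0": every copy recently verified with zero errors
        if c.last_verified is None:
            problems.append(f"0: {c.name} has never been verified")
        elif now - c.last_verified > max_verify_age:
            age = (now - c.last_verified).days
            problems.append(f"0: {c.name} verification is stale ({age} days old)")
        elif c.verify_errors:
            problems.append(f"0: {c.name} reported {c.verify_errors} verification error(s)")
    return problems

# Constructed sample: three copies on three media, one off-site immutable copy,
# but the tape copy's last restore test is a month old.
NOW = datetime(2025, 1, 15)
SAMPLE_COPIES = [
    BackupCopy("primary-disk", "disk", False, False, NOW - timedelta(days=1), 0),
    BackupCopy("offsite-object", "object-storage", True, True, NOW - timedelta(days=2), 0),
    BackupCopy("tape-vault", "tape", True, False, NOW - timedelta(days=30), 0),
]
# A single on-site disk copy that was never tested, violating every part of the rule.
SINGLE_COPY = [BackupCopy("primary-disk", "disk", False, False, None, 0)]
if __name__ == "__main__":
    for label, copies in (("sample", SAMPLE_COPIES), ("single", SINGLE_COPY)):
        print(label, check_3_2_1_1_0(copies, NOW) or ["compliant"])
```

Running the check on a schedule, and treating any non-empty result as an incident-response playbook gap, is one way to turn the "backup verifications and frequencies" item into something measurable.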
Notably, CIOs experienced a 30% decline in their preparedness rating post-attack, compared to a 15% drop for CISOs, suggesting that CISOs have a clearer grasp of their organisation’s security posture.
These findings underscore the importance of fostering organisational alignment in cyber resilience and preparation, emphasising the need for regular training and exercises across all teams to ensure a coordinated response during and after an attack.