Businesses are getting much better at dealing with ransomware attacks

(Image credit: Pixabay)

Businesses are under the impression they’re getting better at detecting, stopping, and mitigating ransomware incidents. However, the number of successful attacks is still high, as is the number of businesses that ended up paying the ransom demand, new research has warned.

The “2023 global ransomware report”, published by Fortinet, which surveyed 569 cybersecurity leaders from the US, UK, France, India, Japan, and other countries, working in manufacturing, technology, transportation, and healthcare, found a vast majority (78%) being “very” or “extremely” prepared to mitigate a ransomware attack.

Many firms (72%) also said they would be capable of detecting an incident within hours - sometimes within minutes. 

Peak levels

But the report also says that the global threat of ransomware “remains at peak levels”. Half of the organizations of all sizes, in all regions, and in numerous industries, fell victim last year. In fact, almost half were targeted two or more times. Almost three-quarters made “some form” of ransom payment, it was said.

Firms in the manufacturing sector received higher ransoms and were more likely to pay the fee, the survey found. A quarter of attacks among manufacturing organizations received a ransom of $1M or higher. 

For the survey’s respondents, the top challenges to stopping such an attack were related either to people, or processes. Many organizations were said to be lacking clarity on how to secure against such a threat, despite being in the know of a “range of technologies” designed for that purpose. Most firms are prioritizing an integrated approach to security, the report said.

Next year, most firms will increase their security budgets, and will focus on things like Artificial Intelligence (AI) and Machine Learning (ML) technologies. These promise faster detection times, centralized monitoring tools to speed up response times, and better preparation of both people, and processes.

Cyber-insurance also plays a major role, but so far it doesn’t have much to show for itself. While almost all firms (88%) purchased some type of insurance, almost 40% didn’t receive the coverage they expected. In some cases, they weren’t paid out at all - because of an “exception” from the insurer.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.