Even the most complex and advanced business VPN tools could still leave you at risk of attack - here's how to stay safe

News
By published

Cisco and Citrix VPN users are at a high risk, experts warn

A mobile phone with a generic VPN screen and a world map of the server network in the background.
(Image credit: Getty Images / NurPhoto)
  • Report finds VPN complexity and poor maintenance driving surge in ransomware incidents
  • Cloud-based VPN alternatives can lower exposure to ransomware and direct attacks
  • Complex on-premise VPN systems often result in outdated configurations

Businesses relying on older on-premise VPN devices could be facing higher ransomware risks, findings from At-Bay’s 2025 InsurSec Report have claimed.

The analysis of cyber insurance claims found organizations using Cisco and Citrix VPN systems were 6.8 times more likely to be hit by ransomware than those without such devices.

The study, based on more than 100,000 policy years of data collected between January 2024 and March 2025, looked at incidents among about 40,000 insured customers in the United States.

SonicWall VPN also at risk

At-Bay said it adjusted its analysis to account for how common each product is in customer environments.

At-Bay’s CISO for Customers, Adam Tyra, told The Register, "We think the takeaway is clear: Companies relying on on-premise VPN devices from vendors like Cisco and Citrix should strongly consider transitioning to modern cloud-based, remote access solutions."

Businesses wanting to be safe should check out our recommendations for best VPNs and best VPNs with antivirus.

The report found SonicWall VPN users were 5.8 times more likely to experience ransomware, following a 300 percent surge in Akira attacks during the third quarter, with Palo Alto Global Protect at 5.5X and Fortinet at 5.3X.

Businesses using an on-premise VPN of any kind were 3.7X more likely to fall victim to an attack than those using a cloud-based VPN or without any VPN, At-Bay reported.

"We're not suggesting these products are inherently insecure, but they are complex and require consistent maintenance," Tyra said. "While many organizations can deploy them securely, far fewer can maintain them properly over time, leading to missed patches and outdated configurations."

The report added that 80 percent of ransomware cases began when attackers gained access through remote access tools, with 83 percent of those involving VPN devices. It attributed this to increasing device complexity.

Tyra said, "The bottom line is that traditional on-premise VPNs are often too difficult for most companies to operate securely." He added that cloud-based Secure Access Service Edge products "significantly reduce exposure to direct attacks compared to traditional VPNs."

Neither Cisco nor Citrix responded to The Register’s requests for comment.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Wayne Williams
Wayne Williams
Editor

Wayne Williams is a freelancer writing news for TechRadar Pro. He has been writing about computers, technology, and the web for 30 years. In that time he wrote for most of the UK’s PC magazines, and launched, edited and published a number of them too.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.