Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

TECHNOLOGY

Semperis’ 2024 Ransomware Study reveals 78% of attack victims paid ransom and three quarters suffered multiple strikes

Published On :

Semperis’ 2024 Ransomware Study reveals 78% of attack victims paid ransom and three quarters suffered multiple strikes

Survey of nearly 1,000 IT and security professionals shows 83% of organisations were targeted by ransomware attacks in the past year with a high degree of success, sounding alarming trends in attack frequency, severity and consequences.

HOBOKEN, NJ – July 30, 2024 – Semperis, a pioneer in identity-driven cyber resilience, today published the results of its global ransomware study of nearly 1,000 IT and security professionals at organisations spanning multiple industries across the US, UK, France, and Germany. The study aims to understand the prevalence, frequency and costs of ransomware attacks—in both ransom payments and collateral damage. 

The results highlight an alarming trend toward multiple, sometimes simultaneous attacks, forcing business leaders to re-evaluate their cyber resilience strategies to address common points of failure, including inadequate identity system backup and recovery practices.   

“Considering that there is a 24/7 threat arrayed against today’s organisations, you can never say ‘I am safe’ or take a moment off. The best you can do is to make your environment defensible and then defend it,” said Chris Inglis, Semperis Strategic Advisor and first U.S. National Cyber Director. “At the centre of this whole discussion is business viability. Attackers are trying to hold that at risk so that they can then convince you to buy them out. If they can achieve a successful attack on identity, then they own privilege, and they can then use that privilege to their benefit.”

The study was conducted by Semperis in the first half of 2024. Key findings: 

  • Ransomware attacks are not a one-time threat: Overall, 74% of respondents that were attacked for ransom in the past 12 months were attacked multiple times—many within the span of a week. In the UK, 83% of organisations that were attacked were targeted more than once.
  • Companies are not prepared to beat ransomware: 78% of targeted organisations paid the ransom. In the UK, 73% paid multiple times, and 38% of those paid ransom four times or more.
  • Few companies see an alternative to ransom payment: 87% of attacks caused business disruption—even for those that paid ransom—including data loss and the need to take systems offline. For 16% of respondents, the attack created a life-or-death dilemma. In the UK, 14% of respondents said it was a matter of life and death.
  • Paying ransom does not guarantee a return to normal business operations: 35% of victims who paid ransom either did not receive decryption keys or received corrupted keys. (UK: 43%)
  • Recovery Time Objectives (RTOs) are not being met: 49% of respondents (UK: 51%) needed 1 to 7 days to recover business operations to minimal IT functionality after a ransomware attack, and 12% (UK: 13%) needed 7 days or more.

Few companies maintain comprehensive, dedicated identity protection

 Although 72% of UK respondents said they had an identity recovery plan, signalling strong progress towards IAM-centric security, only 32% reported having dedicated, AD-specific backup systems. Without AD-specific, malware-free backups and a tested, cyber-specific recovery plan, recovery will be prolonged, increasing the chance that the organisation will decide to pay ransom to restore business operations. 

“For management and the Board to make an educated decision not to pay ransom, they need to know how long recovery will take and have confidence in the process. That means you must test your plan in as close to a real-world scenario as possible and present it to the Board before an attack occurs. That way, when disaster strikes, decision makers will have been confident in their ability to say ‘no’ to attackers,” said Mickey Bresman, CEO, Semperis. 

Of the ongoing cybersecurity challenges organisations cited, lack of support from the Board of Directors topped the list. Other concerns included budget constraints, staffing shortages, outdated systems and cybersecurity regulations and directives. 

“Technology can help us analyse and assess what’s happening, moment by moment,” Inglis said. “It can help us respond more quickly and recover more quickly. But the thing that is most wanting now is a collective realisation that we all have a part to play. That starts with the Board, not with the IT shop. The Board is accountable; the SEC has made that clear. Regulations are increasingly making it clear: cybersecurity is a business issue.”

The full ransomware study, which includes breakdowns of responses by vertical market and by country, is available at https://www.semperis.com/ransomware-risk-report/.

For more information about how Semperis helps global organisations improve cyber resilience, visit the Semperis Identity Resilience Platform page at https://www.semperis.com/identity-resilience-platform/

About Semperis 

For security teams charged with defending hybrid and multi-cloud environments, Semperis ensures the integrity and availability of critical enterprise directory services at every step in the cyber kill chain and cuts recovery time by 90%. Purpose-built for securing hybrid identity environments—including Active Directory, Entra ID, and Okta—Semperis’ patented technology protects over 100 million identities from cyberattacks, data breaches and operational errors. 

The world’s leading organisations trust Semperis to spot directory vulnerabilities, intercept cyberattacks in progress and quickly recover from ransomware and other data integrity emergencies. Semperis is headquartered in Hoboken, New Jersey, and operates internationally, with its research and development team distributed throughout the United States, Canada and Israel. 

Semperis hosts the award-winning Hybrid Identity Protection conference and podcast series (www.hipconf.com) and built the community hybrid Active Directory cyber defender tools, Purple Knight (www.semperis.com/purple-knight/) and Forest Druid (www.semperis.com/forest-druid/). The company has received the highest level of industry accolades, recently named to Inc. Magazine’s list of best workplaces for 2024 and ranked the fastest-growing cybersecurity company in America by the Financial Times. Semperis is a Microsoft Enterprise Cloud Alliance and Co-Sell partner and is a member of the Microsoft Intelligent Security Association (MISA). 

Continue Reading

Why pay for news and opinions when you can get them for free?

       Subscribe for free now!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Posts