The research also underlines the increased risk to mitigation strategies presented by widespread skills shortages and over-reliance on internal resources. This indicates that, while organisations recognise that one of the best protections against a ransomware attack is the ability to recover from it, many are still struggling to counteract ransomware when prevention has failed.
The study,* conducted by ESG, co-sponsored by Zerto and published in a new e-book, “The Long Road Ahead to Ransomware Preparedness,” shows that ransomware attack frequency and impact remain a major concern. In fact, nearly three-quarters of organisations experiencing ransomware attacks in the past 12 months (73% of respondents in total) were negatively impacted.
Even within the most advanced organisations (rated by ESG to be ‘Leaders’ in ransomware preparedness), 75% suffered operational disruption, calling into question how complete ransomware recovery strategies are even for those considered most prepared. The threat is also proving to compound itself for victims. Sixty-one per cent of those who paid a ransom were then subjected to further extortion attempts resulting in extra payments being made on top of initial sums.
The research further underlines the risks associated with making ransom payments, with only 14% of respondents—one in seven—getting 100% of their data back even after acceding to a ransom demand. This illustrates that paying a ransom is no guarantee to getting a business completely back online.
Despite the volume and impact of attacks, nearly half of survey respondents (45%) are struggling with skills issues that will help them respond to a ransomware attack. In particular, they report skills and training gaps within certain areas of their teams and external contractors/vendors, while others are severely lacking critical people and skills.
“Unfortunately, many organisations remain seriously under-prepared to effectively mitigate against the risks and impact of ransomware attacks,” commented Christophe Bertrand, practice director at ESG. “This results in a significant number concluding they have no alternative but to pay ransom demands in the hope their data will be returned. Instead, leaders should be focusing on ransomware strategies that emphasise effective, rapid, and complete recovery.”
“It’s worrying that many organisations are experiencing a ‘perfect storm’ of vulnerability that results from inadequate technologies and under-resourced teams,” said Caroline Seymour, VP of product marketing at Zerto. “While preventing ransomware isn’t always possible, mitigating the threat is and, unlike typical backup solutions, Zerto’s continuous data protection (CDP) technology effectively addresses costly risks like data loss, downtime, and disruptive recovery testing.”
The data is clear: ransomware attacks are growing in volume and severity. Paying the ransom is no longer a guarantee of recovering your data, nor should it. Organisations require a CDP solution that provides recovery in minutes to a state seconds before an attack. Since it’s not a matter of if but when, organisations need to double down on data protection and recovery.