According to a recent survey by the Ponemon Institute, Check Point Software and cyber advisory firm CBI, 80% of companies experienced one or more ransomware attacks in the past year, a massive jump from 51% when the survey was conducted in 2017. When attacked, 53% of respondents said their company paid the ransom, with payments averaging over $1 million. Those who paid most frequently cited concerns that they could not afford the downtime—a concern that may not be unfounded, as 45% of companies had to shut down for a period in the wake of an attack, and 40% reported losing customers.
As ransomware continues to pose one of the greatest cyberthreats, companies are facing steep increases in the costs of both protecting against and responding to attacks. On average, incident response took 14 staff members spending 190 hours each to contain and remediate their company’s largest ransomware attack, costing approximately $170,000 on staffing alone.
The survey also offered additional insight into ransomware-related changes in the cyber insurance market. Most respondents (64%) do not have a cyber insurance policy that covers ransomware, and of the 36% that believe their policy does have such coverage, 40% said their insurer had modified its ransomware protection to reduce the level of coverage.