As ransomware threat increases, a shift in minimum cyber insurance standards is hardening digital defenses

In the last decade, the threat of ransomware and other cyberactivity has increased dramatically—more than ever, targeted organizations are paying the criminal perpetrators to have their information restored. 

“Over the last year there has been an almost threefold increase in the proportion of victims paying ransoms of $1 million or more: up from 4 percent in 2020 to 11 percent in 2021,” according to a new report from Sophos, “The State of Ransomware 2022,” which surveyed 5,600 internet technology professionals, including many in the public sector. The research was conducted independently by Vanson Bourne across 31 countries during January and February of this year.  

This increase correlates with a few other data points that are also on the rise, like the average amount being paid for ransoms (about $130,000 currently in the United States) and the frequency of attacks, which are up nearly 80 percent year-over-year. 

Sixty-six percent of those surveyed said their organization been targeted in the last year, representing a 78 percent jump from 2020.  

Of nearly 200 respondents in the public sector, 58 percent reported experiencing some sort of ransomware cyberattack. A little more than 30 percent among those who did paid the ransom. 

In sectors that are adjacent to local government—three-quarters of which reported a ransomware attack in the last year—the payout percentage was higher. Among managers overseeing energy and public utility organizations, for example, 55 percent of those who’d experienced an attack reported their organizations had paid to regain access to locked information. 

The data demonstrates a concerning trend experts have been warning about for some time: “Adversaries have become considerably more capable at executing the most significant attacks at scale. This likely also reflects the growing success of the ransomware-as-a-service model which significantly extends the reach of ransomware by reducing the skill level required to deploy an attack,” the report says. 

To read the complete article, visit American City & County.