Fewer than half of organizations worldwide have a formal ransomware response plan in place, Thales research finds.
Organizations are still not addressing cybersecurity issues adequately enough despite high awareness of the risks of attacks, a new study said.
For example, in a study of 2,700 executives and IT security professionals in 17 countries, 20 percent of the U.S. respondents said their organizations had been hit by a ransomware attack but 40 percent had no plans to up their cybersecurity defense spending, according to Thales, a Paris, France-based security provider, in newly released research. Moreover, in the U.S. slightly more than half (52%) of organizations have a formal ransomware response plan in place while worldwide less than half (48%) have that level of preparedness.
Thales’ researchers categorized the study’s results by data exposure, cloud adoption and future threats. Here are some of the key U.S. findings:
- 24% of U.S. respondents said they have paid or would pay a ransom for their data.
- Malware was the leading source of attacks (53%), followed by ransomware (49%) and phishing/whaling attacks (42%).
- Of those IT respondents globally who were attacked, 55% say their internal operations were impacted, including 19% who said they were significantly affected and required remediation.
Here are some global highlights:
- Financial loss, such as lost sales and legal expenses, has been or would be the greatest impact from a ransomware attack, according to 23%. Others include lost productivity (19%), recovery costs (18%), data exfiltration (16%), brand reputation (11%) and customer loss (7%).
- 22% of respondents worldwide said they have paid or would pay a ransom for their data.
- 41% of respondents worldwide say they have no plans to change security spending.
- 28% have added additional budget for ransomware tools.
Here are some of the study’s findings on data visibility.
- 34% of IT leaders in the U.S. said they are very confident about where their data is being stored, down 3% from the prior year’s study.
- Only 16% said they have complete knowledge of where it is stored.
- 43% of U.S. IT leaders failed a compliance audit in the past 12 months.
Here are some of the study’s findings on cloud adoption:
- 40% of U.S. respondents use more than 50 software-as-a-service (SaaS) applications, including 21% who use more than 100 apps.
- 51% of U.S. IT leaders said it is more complex to manage privacy and data protection regulations in a cloud environment than in on-premises networks within their organization.
- 33% of U.S. respondents said that roughly half of their workloads and data reside in external cloud. 29% report more than 60%.
- 42% of U.S. respondents say they are slightly or not at all confident that their current security systems can effectively secure remote work.
And, some data on what’s to come:
- 24% in the U.S. said broad cloud security tool sets are the greatest future spending priority.
- 34% in the U.S. said they expect to prioritize spending on key management in the future, with Zero Trust an important strategy for 32%.
- On security threats from quantum computing, 57% in the U.S. are concerned with risk of network decryption, followed by key distribution (53%) and future decryption of today’s data (52%).