IT Brief Australia - Technology news for CIOs & IT decision-makers
Australia
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
Advanced Persistent Threat Protection
#
Breach Prevention
#
Cybersecurity

Ransomware attack costs on Australian firms soar, reveals Sophos

Wed, 1st May 2024
Author image
By Tom Raynel, Managing Editor

Cybersecurity firm Sophos reveals in its "State of Ransomware 2024" report that the consequences of ransomware attacks on Australian organisations are becoming progressively worse despite the incident rate decreasing. According to the report, ransomware attacks dropped by 14% compared to last year, yet the average payment has significantly increased.

In a striking comparison between 2023 and 2022 data, it was found that the average ransom payment from organisations was USD $6,002,186, marking an astronomical rise from the previous year's figure of USD $1,513,436 and the 2021 figure of USD $226,863. This represents an alarming 297% increase in the average ransom payment made within the last year, with the average ransom demand being approximately USD $6.8 million.

Sophos' report also reveals that the financial repercussion of a ransomware attack extends beyond the ransom payment. Aside from this, Australian organisations had to bear an average recovery cost of USD $2.37 million, up from the USD $1.72 million reported in 2023. This signifies an increment of more than USD $500,000. A noteworthy point is that the recovery time has considerably lengthened, with about 33% of organisations taking between one and six months to fully recover, a significant rise from 17% last year.

John Shier, Field CTO at Sophos, warns: "We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. The skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill."

Sophos interprets the data further to learn that organisations of diverse sizes are targets for ransomware attacks. Approximately 47% of small organisations with revenue of less than USD $10 million were hit by ransomware in the last year. On an encouraging note, the report substantiates a significant reduction in the rate of ransomware attacks - 54% of Australian organisations have suffered an attack compared to 70% in 2023 and a staggering 80% in 2022.

The analysis notably found that compromised credentials were the primary cause of attacks on Australian businesses, accounting for 37% of incidents. This was closely followed by exploited vulnerabilities, accounting for 32% of attacks. Data encryption was seen as a consequence of 49% of attacks, and disturbingly, 66% of organisations with encrypted data paid the ransom. Consequently, Australian organisations experienced a higher percentage of successful backup compromise attempts during these attacks, hitting a rate of 66%, the highest reported by any country.

Shier remarks, "Two most common root causes of ransomware attacks, exploited vulnerabilities and compromised credentials, are preventable. Businesses need to critically assess their levels of exposure to these root causes and address them immediately."

To protect themselves, organisations are advised by Sophos to understand their risk profiles, implement advanced endpoint protection, bolster defences with 24/7 threat detection, build incident response plans, and frequently back up and practice data recovery procedures.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Vectra AI reveals critical flaw in Google Cloud Document AI
Attackers break malware into tiny pieces and bypass your Secure Web Gateway
Australian firms to boost cybersecurity budgets by next year
Australian firms underprepared for rising cyber threats
Crowdstrike unveils major Falcon Platform updates to streamline IT departments
Top stories
Industrial blockchain revolutionising transparency & security
Juniper Networks unveils AI-powered Wi-Fi 7 technology updates
Oracle unveils Java 23 with features to boost developer output
Australian councils urged to invest in tech for trust boost
Vultr partners with HEAVY.AI to boost GPU-accelerated analytics