Among those hit by ransomware, 33 percent paid the ransom to recover their data, 54 percent refused to pay but recovered their data anyway, and 13 percent refused to pay and lost their data.
In general, the report found the percentage of organizations being hit by successful cyber attacks continues to rise, from 62 percent in 2014 to 70 percent in 2015, 76 percent in 2016, and 79 percent in 2017. Three in five respondents believe a successful cyber attack is likely in the coming year.
Still, three-quarters of respondents said their organization has adequate cyber insurance coverage. Less than nine percent express concern that coverage might be insufficient.
Nine out of 10 respondents said they’re being impacted by the global shortage of skilled cyber security personnel, and 51 percent said they’re leveraging external vendors and contractors to make up the difference.
Low Security Awareness a Key Issue
Key challenges faced by respondents in securing their networks include “low security awareness among employees” (for the fourth consecutive year), followed by “lack of skilled personnel” and “too much data to analyze.”
“If the definition of insanity is doing the same thing repeatedly and expecting a different result, then perhaps, as an industry, we’re going insane,” CyberEdge Group CEO Steve Piper said in a statement. “Each year, we invest more in security, yet frequency and severity of data breaches rise.”
The key reasons for that, Piper suggested, include insufficient security awareness training for employees and delayed patching of old vulnerabilities. “Investing in best-of-breed security defenses is always prudent, but to stop the bleeding, we’ve got to invest more in our human firewalls and reducing our network attack surfaces.”
Separately, Trend Micro’s TrendLabs 2016 Security Roundup [PDF] found a 752 percent increase in ransomware in 2016, with the number of ransomware families growing from 29 to 247 over the course of 12 months.
“As threats have diversified and grown in sophistication, cyber criminals have moved on from primarily targeting individuals to focusing on where the money is: enterprises,” Trend Micro chief cyber security officer Ed Cabrera said in a statement. “Throughout 2016, we witnessed threat actors extort companies and organizations for the sake of profitability, and we don’t anticipate this trend slowing down.”