The State of Ransomware 2020

5,000 IT managers from 26 countries share their experiences

Stories of organisations crippled by ransomware regularly dominate the IT news headlines, and accounts of six- and seven-figure ransom demands are commonplace. But, do the news stories tell the full story?

To understand the reality behind the headlines, Sophos commissioned an independent survey of 5,000 IT managers across 26 countries. The findings provide brand new insight into what actually happens once ransomware hits. Be prepared to be surprised.

Read The State of Ransomware 2020 Report

The 2020 ransomware reality

The survey provides fresh new insight into the experiences of organisations hit by ransomware, including:

Almost three quarters of ransomware attacks result in the data being encrypted.
51% of organisations were hit by ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks.
26% of victims whose data was encrypted got their data back by paying the ransom.
A further 1% paid the ransom but didn’t get their data back. Overall, 95% of organisations that paid the ransom had their data restored.
94% of organisations whose data was encrypted got it back.
More than twice as many got it back via backups (56%) than by paying the ransom (26%).
Paying the ransom doubles the cost of dealing with a ransomware attack.
The average cost to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc.) is US$732,520 for organisations that don’t pay the ransom, rising to US$1,448,458 for organisations that do pay.
Despite the headlines, the public sector is less affected by ransomware than the private.
45% of public sector organisations were hit by ransomware last year, compared to a global average of 51%, and a high of 60% in the media, leisure, and entertainment industries.
One in five organisations has a major hole in their cybersecurity insurance.
84% of respondents have cybersecurity insurance, but only 64% have insurance that covers ransomware.
Cybersecurity insurance pays the ransom.
For those organisations that have insurance against ransomware, 94% of the time when the ransom is paid to get the data back, it’s the insurance company that pays.
Most successful ransomware attacks include data in the public cloud.
59% of attacks where the data was encrypted involved data in the public cloud. While it’s likely that respondents took a broad interpretation of public cloud, including cloud-based services such as Google Drive and Dropbox and cloud backup such as Veeam, it’s clear that cybercriminals are targeting data wherever it stored.

Sophos Intercept X: Protection against ransomware

Ransomware actors combine sophisticated attack techniques with hands-on hacking. Sophos Intercept X endpoint protection gives you the advanced protection technologies you need to disrupt the whole attack chain, including:

Encryption rollback. CryptoGuard technology blocks the unauthorised encryption of files and rolls them back to their safe state in seconds.
Exploit protection. Deny attackers by blocking the exploits and techniques used to distribute malware, steal credentials, and escape detection.
AI-powered threat protection. Artificial intelligence detects both known and unknown malware without relying on signatures.

Speak to a Specialist to learn more

Speak to a Specialist

The State of Ransomware 2020

5,000 IT managers from 26 countries share their experiences

Stories of organisations crippled by ransomware regularly dominate the IT news headlines, and accounts of six- and seven-figure ransom demands are commonplace. But, do the news stories tell the full story?

To understand the reality behind the headlines, Sophos commissioned an independent survey of 5,000 IT managers across 26 countries. The findings provide brand new insight into what actually happens once ransomware hits. Be prepared to be surprised.

The 2020 ransomware reality

The survey provides fresh new insight into the experiences of organisations hit by ransomware, including:

Almost three quarters of ransomware attacks result in the data being encrypted.
51% of organisations were hit by ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks.

26% of victims whose data was encrypted got their data back by paying the ransom.
A further 1% paid the ransom but didn’t get their data back. Overall, 95% of organisations that paid the ransom had their data restored.

94% of organisations whose data was encrypted got it back.
More than twice as many got it back via backups (56%) than by paying the ransom (26%).

Despite the headlines, the public sector is less affected by ransomware than the private.
45% of public sector organisations were hit by ransomware last year, compared to a global average of 51%, and a high of 60% in the media, leisure, and entertainment industries.

One in five organisations has a major hole in their cybersecurity insurance.
84% of respondents have cybersecurity insurance, but only 64% have insurance that covers ransomware.

Cybersecurity insurance pays the ransom.
For those organisations that have insurance against ransomware, 94% of the time when the ransom is paid to get the data back, it’s the insurance company that pays.

Sophos Intercept X: Protection against ransomware

Ransomware actors combine sophisticated attack techniques with hands-on hacking. Sophos Intercept X endpoint protection gives you the advanced protection technologies you need to disrupt the whole attack chain, including:

Encryption rollback. CryptoGuard technology blocks the unauthorised encryption of files and rolls them back to their safe state in seconds.

Exploit protection. Deny attackers by blocking the exploits and techniques used to distribute malware, steal credentials, and escape detection.

AI-powered threat protection. Artificial intelligence detects both known and unknown malware without relying on signatures.

Speak to a Specialist to learn more

This website uses cookies

The State of Ransomware 2020

5,000 IT managers from 26 countries share their experiences

Stories of organisations crippled by ransomware regularly dominate the IT news headlines, and accounts of six- and seven-figure ransom demands are commonplace. But, do the news stories tell the full story?

To understand the reality behind the headlines, Sophos commissioned an independent survey of 5,000 IT managers across 26 countries. The findings provide brand new insight into what actually happens once ransomware hits. Be prepared to be surprised.

The 2020 ransomware reality

The survey provides fresh new insight into the experiences of organisations hit by ransomware, including:

Almost three quarters of ransomware attacks result in the data being encrypted. 51% of organisations were hit by ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks.

26% of victims whose data was encrypted got their data back by paying the ransom. A further 1% paid the ransom but didn’t get their data back. Overall, 95% of organisations that paid the ransom had their data restored.

94% of organisations whose data was encrypted got it back. More than twice as many got it back via backups (56%) than by paying the ransom (26%).

Despite the headlines, the public sector is less affected by ransomware than the private. 45% of public sector organisations were hit by ransomware last year, compared to a global average of 51%, and a high of 60% in the media, leisure, and entertainment industries.

One in five organisations has a major hole in their cybersecurity insurance. 84% of respondents have cybersecurity insurance, but only 64% have insurance that covers ransomware.

Cybersecurity insurance pays the ransom. For those organisations that have insurance against ransomware, 94% of the time when the ransom is paid to get the data back, it’s the insurance company that pays.

Sophos Intercept X: Protection against ransomware

Ransomware actors combine sophisticated attack techniques with hands-on hacking. Sophos Intercept X endpoint protection gives you the advanced protection technologies you need to disrupt the whole attack chain, including:

Encryption rollback. CryptoGuard technology blocks the unauthorised encryption of files and rolls them back to their safe state in seconds.

Exploit protection. Deny attackers by blocking the exploits and techniques used to distribute malware, steal credentials, and escape detection.

AI-powered threat protection. Artificial intelligence detects both known and unknown malware without relying on signatures.

Speak to a Specialist to learn more

This website uses cookies

Almost three quarters of ransomware attacks result in the data being encrypted.
51% of organisations were hit by ransomware in the last year. The criminals succeeded in encrypting the data in 73% of these attacks.

26% of victims whose data was encrypted got their data back by paying the ransom.
A further 1% paid the ransom but didn’t get their data back. Overall, 95% of organisations that paid the ransom had their data restored.

94% of organisations whose data was encrypted got it back.
More than twice as many got it back via backups (56%) than by paying the ransom (26%).

Despite the headlines, the public sector is less affected by ransomware than the private.
45% of public sector organisations were hit by ransomware last year, compared to a global average of 51%, and a high of 60% in the media, leisure, and entertainment industries.

One in five organisations has a major hole in their cybersecurity insurance.
84% of respondents have cybersecurity insurance, but only 64% have insurance that covers ransomware.

Cybersecurity insurance pays the ransom.
For those organisations that have insurance against ransomware, 94% of the time when the ransom is paid to get the data back, it’s the insurance company that pays.