Ransom was paid in 72% of ransomware cases in which companies sought professional assistance, says report by Centre for Risk Studies at Cambridge Judge Business School and Kivu Consulting based on a novel dataset.
Ransom aimed at retrieving data was paid in 72% of ransomware incidents in which companies sought professional assistance in responding to such cyber attacks, says a report by the Centre for Risk Studies at Cambridge Judge Business School, University of Cambridge, and cyber security firm Kivu Consulting. The report outlines the types of defences that companies can adopt to minimise risk from the rapidly growing threat of ransomware.
The sectors most frequently hit by ransomware attacks in the dataset were industrials (which includes capital goods manufacturing firms), professional services firms such as lawyers, transportation, healthcare, and information technology.
Report cites 422 attacks that entered an incident response phase
The report is based on a dataset comprising 422 attacks carried out against 416 organisations that entered an “incident response phase” involving international cyber security firm Kivu Consulting between May 2019 and March 2022. The report states that the total paid in ransom was $147.9 million out of a total ransom demand of $249.4 million, showing the power of negotiation. The US accounts for 80% of the captured ransomware events, followed by the UK at 9% and Canada and Australia at 2% each.
The authors acknowledge that the 72% ransom-paid percentage is far higher than the percentage cited in other industry reports on the payment of ransoms.
“This is due to the source of this report’s data being a ransom negotiation and recovery firm, which would not have been retained if the victim organisations were able to quickly recover from backups without the need to pay a ransom or even negotiate,” says the report, entitled Mitigating ransomware risk: determining optimal strategies for businesses.
“Put simply, the Aggregate Dataset captures only incidents in which companies sought professional assistance in responding to attacks.”
Ransomware has soared following the COVID-19 pandemic
The report says that the impact of ransomware in cyber risk grew dramatically following the onset of the COVID-19 (Coronavirus) pandemic, with ransomware becoming responsible for the highest number of insurance claims (leaping from 13% in 2019 to 54% in 2020, according to one report cited). Insurer Aon reported earlier this year that ransomware attacks were up 323% from the first quarter of 2019 to the fourth quarter of 2021.
How to minimise your firm’s risk
The report, whose “dataset and analysis are novel in the academic space”, identifies the types of controls that are most effective in preventing or mitigating ransomware attacks, including malware defences, controlled use of administrative privilege, and the maintenance and analysis of audit logs. The controls identified as offering the greatest cost savings in terms of ransom payment size were incident response and management, continuous vulnerability management, and the maintenance and analysis of audit logs.
“These controls are particularly good at blocking or limiting the impact of larger, more sophisticated attacks where the threat actor performs reconnaissance within the victim’s network and incidents in which data is exfiltrated,” says the report, which urges regular review of defences because attacker groups regularly change their tactics, techniques or procedures (TTPs) for gaining access to networks.
“This is the first study analysing real-world event data which will better inform a more strategic approach to cyber security risk management,” said Jennifer Copic, Senior Risk Researcher at the Centre for Risk Studies (CCRS) at Cambridge Judge Business School. “This research partnership with CCRS is designed to quantify the value of specific cybersecurity defences and connect it with the company’s bottom line,” said Winston Krone, Co-Founder and Chief Research Officer at Kivu Consulting.