Ransomware cost almost US$2.5 M per organisation in 2023: ExtraHop
ExtraHop, a cloud-native network detection and response (NDR) provider, has found organisations are generally ill-equipped to manage and mitigate their cyber risk following a significant increase in ransomware attacks and cybersecurity incident downtime.
Although the majority (88%) of IT and cybersecurity decision makers said in ExtraHop's 3rd annual Global Cyber Confidence Index report that they are confident in their organisations’ ability to manage cyber risk, most acknowledged that they are frequently the victim of ongoing threats, and falling behind when it comes to identifying and remediating threats.
Source: ExtraHop Global Cyber Confidence Index. Required increases in budgets for effective cyber risk management range from 1% to 200%, with the majority voting for between 11% and 50%.
Over one in five (22%) respondents deemed ransomware the biggest risk to their organisation - an unsurprising finding as about half say they are still running at least one insecure network protocol that threat actors are known to exploit in ransomware attacks. Highlighting this concern, 58% said they experienced six or more ransomware incidents in 2023 (up 32% year over year). Healthcare was among the top industries impacted by ransomware, with organisations averaging nine incidents each last year.
Of those surveyed, almost all that experienced a ransomware attack paid up; in 2023, 91% paid the ransom, compared to 83% in 2023 and 72% in 2022. On average, the research found ransomware payments alone cost nearly US$2.5 M per organisation in the last year - before adding in the unrealised costs associated with remediation.
When discussing the impact cybersecurity pitfalls have on their businesses, respondents said they averaged 56 hours of downtime following a security incident last year. Downtime for industrial companies hit slightly higher at 58 hours, and, with recent research calculating the median cost of industrial downtime at nearly US$125,000 per hour, these companies could lose upwards of US$7.25 M per incident.
The largest organisations surveyed (5,000+ employees) experienced the most downtime at nearly 62 hours on average per incident. Globally, France led downtime at 68 hours, with Australia in 3rd place (62 hours).
Barriers hindering organisations from effectively managing cyber risk include immature risk management processes (21%), the inability to catch up in a fast-paced industry (18%), a lack of alignment between the cybersecurity organisation and the business (16%), outdated technology (15%), insufficient personnel resources (14%), and insufficient budgets (13%).
However, more than a third (38%) of respondents agreed that using AI and machine learning to help manage and mitigate cyber risk is a top priority for their organisation this year.
“Cyber risks are inevitable and no single organisation is immune to the threat bad actors pose to their business,” said Raja Mukerji, co-founder and Chief Scientist, ExtraHop.
“With ransomware and downtime on the rise and ripple effects being felt throughout entire organisations, leaders are recognising an inherent need to prioritise cybersecurity, and, better yet, business resilience.
“With greater visibility into and awareness of the current threat landscape, they can better identify their weaknesses, shore up their defenses, and develop an action plan that keeps disruption to employees, customers, and other stakeholders to a minimum.”
Download the 2024 Global Cyber Confidence Index.
*The survey was conducted by Censuswide.