Report: 53% of Organisations’s Data Attacked in 12 Months


Sophos, a cybersecurity firm has said about 53 per cent of organisation’s data in Nigeria, suffered cyber-attacks in the last 12 months.

The figure, which came from its recent global survey report, showed that more than half, about 51 per cent of organisations had experienced a significant ransomware attack in the previous 12 months, compared to 54 per cent in 2017.

In Nigeria, 53 per cent of the organisations surveyed mentioned a ransomware attack in the last one year.

According to the report, “Globally Data was encrypted in nearly three quarters, which is about 73 per cent of attacks that successfully breached an organisation, while in Nigeria, it was 74 per cent.

“The average cost of addressing the impact of such an attack, including business downtime, lost orders, operational costs, and more, but not including ransom, was more than $730,000.”

The report, however, warned organisations not to indulge in the payment of ransom, whenever they are attacked and subjected to pay ransom.
The report explained that the state of ransomware attack in 2020, revealed that paying cybercriminals to restore data encrypted during a ransomware attack would not be an easy and inexpensive path to recovery, stressing that the total cost of recovery almost doubles when organisations pay a ransom.

The survey polled 5,000 Information Technology (IT) decision makers in organisations in 26 countries across six continents, including Europe, the Americas, Asia-Pacific and central Asia, the Middle East, and Africa.

The report further said the average cost rose to $1.4 million, almost twice as much, when organisations paid the ransom.

More than one quarter, about 27 per cent of organisations hit by ransomware admitted paying the ransom. The survey also revealed that 38 per cent of the organisations that were attacked in Nigeria admitted to paying the ransom.

Analysing the report, Principal Research Scientist at Sophos, Chester Wisniewski, said: “OrganiSations may feel intense pressure to pay the ransom to avoid damaging downtime. On the face of it, paying the ransom appears to be an effective way of getting data restored, but this is illusory. Sophos’ findings show that paying the ransom makes little difference to the recovery burden in terms of time and cost. This could be because it is unlikely that a single magical decryption key is all that’s needed to recover. Often, the attackers may share several keys and using them to restore data may be a complex and time-consuming affair.”

According to the report, more than half, about 56 per cent of the IT managers surveyed were able to recover their data from backups without paying the ransom compared to 44 per cent in Nigeria. Globally in a very small minority of cases of about one per cent, paying the ransom did not lead to the recovery of data while in Nigeria it was in 10 per cent of cases, the report said, adding that the figure rose to 5 per cent for public sector organisations.

“In fact, 13 per cent of the public sector organisations surveyed never managed to restore their encrypted data, compared to 6 per cent overall.
However, contrary to popular belief, the public sector was least affected by ransomware, with just 45 per cent of the organisations surveyed in this category saying they were hit by a significant attack in the previous year. At a global level, media, leisure and entertainment businesses in the private sector were most affected by ransomware, with 60 per cent of respondents reporting attacks,” the report said.

The State of Ransomware 2020 survey was conducted by Vanson Bourne, an independent specialist in market research, in January and February 2020. The survey interviewed 5,000 IT decision makers in 26 countries, in the US, Canada, Brazil, Colombia, Mexico, France, Germany, the UK, Italy, the Netherlands, Belgium, Spain, Sweden, Poland, the Czech Republic, Turkey, India, Nigeria, South Africa, Australia, China, Japan, Singapore, Malaysia, Philippines and UAE. All respondents were from organisations with between 100 and 5,000 employees.