Financial losses related to ransomware attacks is on the rise, with senior management often proving to be the kink in the chain, research reveals.
The median cost per ransomware more than doubled in the past two years to $25,000, with 95 per cent of incidents experiencing a loss costing between $1 and $2.25 million in the APAC region. Ransomware encrypts an organisation’s data and then extorts large sums of money to restore access.
The growing cost coincides with a dramatic rise in frequency of ransomware attacks over the past couple of years, now greater than the previous five years combined.
The prevalence held steady this year, representing almost a quarter of all breaches (24 per cent).
The findings, revealed in the Verizon 2023 Data Breach Investigations Report analysed 16,000 security incidents and 5,000 breaches, including 699 incidents in the APAC region.
This year’s Verizon Business report reveals that ransomware attacks are now sitting at roughly the same levels as last year at one in four data breaches, but what has changed is the cost of a ransomware attack – it has since doubled.
Ransomware is the most serious cyber crime threat to Australia due to its high financial impact and other disruptive impacts to victims and the broader community, according to the Australian Cyber Security Centre.
A government report on the threat of ransomware found these incidents cost the Australian economy as much as $2.59 billion annually, with organisations reportedly paying on average $250,000 per incident.
In cases where organisations are losing money, the human element still makes up the overwhelming majority of incidents, and is a factor in 74 per cent of total breaches.
One of the most common ways to exploit human nature is social engineering, which involves manipulating an organisation’s sensitive information through tactics like phishing.
In particular, senior leadership represents a growing cyber security threat for many organisations, managing director of cyber security consulting at Verizon Business, Chris Novak said.
“Not only do they possess an organisation’s most sensitive information, they are often among the least protected, as many organisations make security protocol exceptions for them.
“With the growth and increasing sophistication of social engineering, organisations must enhance the protection of their senior leadership now to avoid expensive system intrusions,” said Novak.
Key findings reveal that social engineering and other forms of malicious communications is growing exponentially, with social engineering, system intrusion and basic web application attacks representing 93 per cent of data breaches across Asia Pacific.
It found that Australians are feeling this pain acutely, with mobile apps and devices the leading targets for cyber security attacks, and are increasingly looking to the government for leadership to help quell the tide.
“Globally, cyber threat actors continue their relentless efforts to acquire sensitive consumer and business data. The revenue generated from that information is staggering, and it’s not lost on business leaders,” Craig Robinson, research vice president at IDC said.
A government report also states that Ransomware-as-a-Service has been gaining traction globally, enabling criminals to purchase ransomware from skilled ransomware developers and conduct attacks without significant technical expertise.