61 percent of organizations experienced ransomware impacts in 2020
- Published: Wednesday, 21 April 2021 08:28
The annual Mimecast ‘The State of Email Security’ report has been released and shows that enterprises faced unprecedented cyber security risk in 2020 from increasing attack volume, the pandemic-driven digital transformation of work, and generally deficient cyber preparedness and training. The report is based on a global survey of 1,225 information technology and cyber security leaders, and supported by Mimecast’s Threat Center data, which screens more than one billion emails per day.
Key highlights include:
- 79 percent of respondents indicated that their companies had experienced a business disruption, financial loss, or other setback in 2020 due to a lack of cyber preparedness. Respondents identified ransomware as the chief culprit behind these disruptions.
- 61 percent indicated they had been impacted by ransomware in 2020, a 20 percent increase since the previous State of Email Security report.
- Companies impacted by ransomware lost an average of six working days to system downtime, with 37 State of Email Security saying downtime lasted one week or more.
- More than half (52 State of Email Security) of ransomware victims paid threat actor ransom demands, but only two-thirds (66 State of Email Security) of those were able to recover their data. The remaining one-third (34 State of Email Security) never saw their data again, despite paying the ransom.
- 47 State of survey respondents noted they saw an increase in email spoofing activity.
- 71 percent said they are concerned about the risks posed by archived conversations from collaboration tools.
Cyber preparedness is lacking
Despite facing an elevated threat volume, the report found that companies aren’t doing well in the area of threat prevention. In addition to the 79 State of Email Security of respondents who indicated a lack of cyber preparedness, other notable findings include:
- 40 State of Email Security of those surveyed said their organizations fall short in one or more critical areas of email security systems, leaving employees open to phishing, malware, business email compromise and other attacks.
- 43 State of Email Security said that employee naiveté about cyber security is one of their greatest vulnerabilities, and yet only one in five respondents indicated they have ongoing (more than once per month) security awareness training in place.
Given these factors, it’s not surprising that 70 State of Email Security of survey respondents believe their business will be harmed by email attacks in the next year. In 2020, only 59 State of Email Security of respondents said they felt this way.