Ransomware Continues to Cause Mayhem as Victims are Unable to Recover 43% of Affected Data

Fort Lauderdale, Fla.: VeeamON — June 4, 2024: Ransomware remains an ongoing threat for organizations and is the largest single cause of IT outages and downtime as 41% of data is compromised during a cyberattack, according to the latest Veeam^® 2024 Ransomware Trends Report. The report reveals that only 57% of the compromised data will be recovered, leaving organizations vulnerable to substantial data loss and negative business impact as a result.

“Ransomware is endemic, impacting 3 out of 4 organizations in 2023. AI is now enabling the creation of smarter, more advanced security, but it’s also facilitating growth in the volume of sophistication of attacks," said Dave Russell, Senior Vice President, Head of Strategy at Veeam. "Our report delivers a clear message: ransomware attacks will continue, be more severe than predicted, and the overall impact will cost organizations more than they expect. Organizations must take action to ensure cyber resiliency and acknowledge that rapid, clean recovery matters most. By aligning teams and bolstering cybersecurity with immutable backups, they can protect their valuable business data while Veeam keeps their business running and secure.”

The third annual Veeam 2024 Ransomware Trends Report draws insights from vetted organizations that experienced at least one successful cyberattack in the preceding 12 months. With 1,200 responses analyzed, comprising executives, information security professionals, and backup administrators, the report provides a comprehensive overview of the evolving threat landscape.

The toll on the organization’s people

Cyber-attacks naturally affect an organization’s financial stability, but just as significant is the toll it has on teams and individuals. When a cyberattack strikes, 45% of respondents reported heightened pressure on IT and security teams. Additionally, 26% experienced a loss of productivity, while 25% encountered disruptions to internal or customer-related services.

The report shows that the human impact of cyberattacks cannot be overstated. 45% of surveyed individuals cited increased workload post-attack, while 40% reported heightened stress levels and other personal challenges that are difficult to mitigate on ‘normal’ days. These challenges, coupled with existing organizational struggles, further underscore the importance of effective cyber defense strategies.

Organizations are misaligned for preparedness

Despite increased focus on cyber-preparedness, organizations still face a misalignment between their backup and cyber teams. For the third consecutive year, close to two-thirds (63%) of organizations find their backup and cyber teams lacking synchronization. Adding to the misalignment challenges in organizations, 61% of security professionals and 75% of backup admins believe that the teams need either ‘significant improvement’ or that a complete system overhaul is required.

Paying the ransom does not ensure recoverability

For the third year in a row, the majority (81%) of organizations surveyed paid the ransom to end an attack and recover data. One in three of these organizations that paid the ransom still could not recover even after paying. And also for the third year in a row, more organizations ‘paid, but could not recover’ than those organizations that ‘recovered without paying.’

Unveiling the true financial impact

Contrary to the belief that having cyber insurance increases the likelihood of ransom payments, Veeam’s research indicates otherwise. Despite only a minority of organizations possessing a policy to pay, 81% opted to do so. Interestingly, 65% paid with insurance and another 21% had insurance but chose to pay without making a claim. This implies that in 2023, 86% of organizations had insurance coverage that could have been utilized for a cyber event.

The ransoms paid averages to be only 32% of the overall financial impact to an organization post-attack. Moreover, cyber insurance will not cover the entirety of the total costs associated with an attack. Only 62% of the overall impact is in some way reclaimable through insurance or other means, with everything else going against the organization's bottom-dollar budget.

Relying on a “good backup”

• The most common component of a cyber preparedness playbook is a “good backup.” While cyber and backup teams may not always be organizationally aligned, when asked about the existence of an incident response team (IRT) and whether that team had a playbook, a mere 2% of organizations lacked a pre-identified team. Additionally, only 3% had teams but without a playbook in place.

Other key findings from the Veeam 2024 Ransomware Trends Report include:

• Cloud and on-premises data are just as easily attackable: Surprisingly, there was no significant variation between how much data was affected within the data center vs. data within remote offices/branch offices or even on data hosted in a public or private cloud. Meaning that all IT infrastructure is just as seamlessly available to the attacker as it is easily accessible to the users.
• Most organizations risk reintroducing infections: Alarmingly, almost two-thirds (63%) of organizations are at risk of reintroducing infections while recovering from ransomware attacks or significant IT disasters. Pressured to restore IT operations quickly and influenced by executives, many organizations skip vital steps, such as rescanning data in quarantine, causing the likelihood of IT teams to inadvertently restore infected data or malware.
• Organizations must ensure recoverable data: As a ‘lesson learned’, respondents of prior cyberattacks now recognize the importance of immutability with 75% of organizations now utilizing on-premises disks that can be hardened and 85% are utilizing cloud-storage with immutability capabilities. In fact, half of their overall backup storage is immutable, highlighting good improvements but with more work to be done.

The full Veeam 2024 Ransomware Trends Report is available now for download at https://vee.am/RW24 and as part of sessions at VeeamON 2024, the community event for data recovery experts, taking place online June 3-5 and in person in Fort Lauderdale, Fla. Designed by and built for the backup and recovery professional, attendees will expand their skills, learn how to protect their businesses from ransomware, and share industry knowledge with exclusive content from VeeamON 2024 Diamond Sponsors include ExaGrid, Hewlett Packard Enterprise, Lenovo and Microsoft; Platinum sponsors Backblaze, Hitachi, Pure Storage, Scality, and Wasabi; and many others. Registration for the in-person event and the virtual option is now open.

About the Report

This research report is based on 1,200 survey responses from the unbiased IT leaders and implementers whose organizations suffered at least one cyberattack in 2023, each of whom serves as either a CISO, a security professional or backup administrator. The survey was completed in early 2024 and published in June 2024.

For more information, visit https://www.veeam.com.

About Veeam Software

Veeam^®, the #1 global market leader in data protection and ransomware recovery, is on a mission to help every organization not just bounce back from a data outage or loss but bounce forward. With Veeam, organizations achieve radical resilience through data security, data recovery, and data freedom for their hybrid cloud. The Veeam Data Platform delivers a single solution for cloud, virtual, physical, SaaS, and Kubernetes environments that gives IT and security leaders peace of mind that their apps and data are protected and always available. Headquartered in Seattle, with offices in more than 30 countries, Veeam protects over 450,000 customers worldwide, including 74% of the Global 2000, who trust Veeam to keep their businesses running. Radical Resilience starts with Veeam. Learn more at www.veeam.com or follow Veeam on LinkedIn @veeam-software and X @veeam.