Report Finds Organisations Are Still in the Dark on Ransomware


Veeam’s 2024 Ransomware Trends Report reveals that ransomware remains an ongoing threat to organisations and is the largest single cause of IT outages and downtime, with targets unable to recover 43% of their compromised data.

The third annual Veeam 2024 Ransomware Trends Report released this week draws on insights from organisations that experienced at least one successful cyberattack in the preceding 12 months. Veeam analysed twelve hundred responses from executives, information security professionals, and backup administrators.

“Ransomware is endemic, impacting three out of four organisations in 2023. AI is now enabling the creation of smarter, more advanced security, but it’s also facilitating growth in the volume of sophistication of attacks,” said Veeam’s Dave Russell. “Our report delivers a clear message: ransomware attacks will continue, be more severe than predicted, and the overall impact will cost organisations more than they expect.”

Key findings from the report include:

  • The toll on the organisation’s people: When a cyberattack strikes, 45% of respondents reported heightened pressure on IT and security teams. Additionally, 26% experienced a loss of productivity, while 25% encountered disruptions to internal or customer-related services. 45% of surveyed individuals cited increased workload post-attack, while 40% reported heightened stress levels and other personal challenges that are difficult to mitigate on ‘normal’ days.
  • Organisations are misaligned for preparedness: For the third consecutive year, 63% of organisations find their backup and cyber teams lack synchronisation. Adding to the misalignment challenges, 61% of security professionals and 75% of backup admins believe that the teams need either ‘significant improvement’ or a complete system overhaul.
  • Paying the ransom does not ensure recoverability: For the third year, 81% of organisations surveyed paid the ransom to end an attack and recover data. However, one in three of these organisations could not recover even after paying. Also, more organisations paid but could not recover than those organisations that ‘recovered without paying.’
  • Relying on a good backup: While cyber and backup teams may not always be organisationally aligned, when asked about the existence of an incident response team and whether that team had a playbook, a mere 2% of organisations lacked a pre-identified team. Additionally, only 3% had teams but without a playbook in place.
  • The true financial impact: Contrary to the belief that having cyber insurance increases the likelihood of ransom payments, Veeam’s research indicates otherwise. Despite only a minority of organisations possessing a policy to pay, 81% opted to do so. Interestingly, 65% paid with insurance and another 21% had insurance but chose to pay without making a claim. This implies that in 2023, 86% of organisations had insurance coverage that could have been utilised for a cyber event. The ransoms paid averaged to be only 32% of the overall financial impact to an organisation post-attack. Moreover, cyber insurance will not cover the entirety of the total costs associated with an attack. Only 62% of the overall impact is in some way reclaimable through insurance or other means, with everything else going against the organisation’s bottom-dollar budget.
  • Cloud and on-premises data are just as easily attackable: There was no significant variation between how much data was affected within the data centre versus data within remote offices/branch offices or even on data hosted in a public or private cloud. Meaning that all IT infrastructure is just as seamlessly available to the attacker as it is easily accessible to the users.
  • Most organisations risk reintroducing infections: 63% of organisations are at risk of reintroducing infections while recovering from ransomware attacks or significant IT disasters. Pressured to restore IT operations quickly and influenced by executives, many organisations skip vital steps, such as rescanning data in quarantine, causing the likelihood of IT teams to inadvertently restore infected data or malware.
  • Organisations must ensure recoverable data: As a lesson learned, respondents of prior cyberattacks now recognise the importance of immutability with 75% of organisations now utilising on-premises discs that can be hardened and 85% are utilising cloud-storage with immutability capabilities. In fact, half of their overall backup storage is immutable, highlighting good improvements but with more work to be done.

“Organisations must take action to ensure cyber resiliency and acknowledge that rapid, clean recovery matters most,” said Russell. “By aligning teams and bolstering cybersecurity with immutable backups, they can protect their valuable business data while Veeam keeps their business running and secure.”

You can read the full report here.