Cybersecurity firm Sophos says IT professionals at retail organizations are reporting above-average financial and operational impacts of ransomware attacks, with more than three-quarters of retail entities hit with ransomware in 2021.
According to the U.K.-based firm’s research and annual study of 422 retail IT professionals across 31 countries, the retail sector saw a 75% increase in the rate of ransomware attacks over the last year and 77% of such organizations were hit in 2021.
Although the increased attack rate is part of a cross-sector, global trend, the retail sector has the second-highest rate of ransomware attacks across all sectors, according to Sophos’ research.
Retail organizations reported below-average marks in their ability to combat and respond to attacks. The company’s research found that retail organizations saw an above-average rate of data encryption at 68%, compared with the global average of 65%. Only 28% were able to stop an attack before attackers could encrypt data, which is below the global average of 31%.
Ransomware attacks also have an oversized impact on the operations of retail organizations, with 92% saying ransomware attacks impact their ability to operate, compared with the cross-sector average of 90%. The impact on business and revenue was also higher in retail, with 89% reporting an impact compared to 86% for all sectors.
Retail organizations are also more likely to pay the ransom to restore data, as 49% said they would, compared with the global average of 46%. However, the amount of data restored by retail organizations after paying the ransom dropped to 62% in 2021 from 67% in 2020.
However, 5% of retail organizations got all their data back in 2021, which was down from 9% in 2020 but just above the global average of 4%.
Financially, retail organizations fare better than others when recovering, with an average ransom payment of about $226,000, less than one-third of the cross-sector average of $812,360.
Also in good news, the overall cost to remediate a ransomware attack for retail organizations dropped from nearly $2 million in 2020 to $1.27 million in 2021. The cross-sector average is a bit higher at $1.4 million.
Retail organizations are also more likely than others to have cyber insurance coverage against ransomware at a rate of 88% compared to the cross-sector average of 83%. Cyber insurance is also driving retail to improve cyber defenses, with 97% reporting a cyber upgrade to secure coverage.
Sophos’ report also includes recommendations for retail organizations to combat ransomware attacks, including:
- Protecting all endpoints in the environment
- Proactively hunting for threats
- Keeping tabs on security gaps such as unpatched devices, unprotected machines and open RDP ports
- Developing a response plan
- Making secure backups and practicing restoring from them