Cybersecurity firm Sophos says IT professionals at retail organizations are reporting above-average financial and operational impacts of ransomware attacks, with more than three-quarters of retail entities hit with ransomware in 2021.
According to the U.K.-based firm’s research and annual study of 422 retail IT professionals across 31 countries, the retail sector saw a 75% increase in the rate of ransomware attacks over the last year and 77% of such organizations were hit in 2021.
Although the increased attack rate is part of a cross-sector, global trend, the retail sector has the second-highest rate of ransomware attacks across all sectors, according to Sophos’ research.
Retail organizations reported below-average marks in their ability to combat and respond to attacks. The company’s research found that retail organizations saw a data encryption rate of 68%, which is above the global average of 65%. Only 28% were able to stop an attack before attackers could encrypt data, which is also below the global average of 31%.
Ransomware attacks also have an oversized impact on the operations of retail organizations, with 92% saying ransomware attacks impact their ability to operate, compared with the cross-sector average of 90%. Impacts on business and revenue were also higher in retail, with 89% reporting an impact compared to 86% for all sectors.
Retail organizations are also more likely to pay the ransom to restore data, as 49% said they would, compared with the global average of 46%. However, the amount of data restored by retail organizations after paying the ransom dropped to 62% in 2021 from 67% in 2020.
However, 5% of retail organizations got all their data back in 2021, which was down from 9% in 2020 but just above the global average of 4%.
Financially, retail organizations fare better than others when recovering, with an average ransom payment of about $226,000, less than one-third of the cross-sector average of $812,360.
Also in good news, the overall cost to remediate a ransomware attack for retail organizations dropped from nearly $2 million in 2020 to $1.27 million in 2021. The cross-sector average is a bit higher at $1.4 million.
Retail organizations are also more likely than others to have cyber insurance coverage against ransomware at a rate of 88% compared to the cross-sector average of 83%. Cyber insurance is also driving retail to improve cyber defenses, with 97% reporting a cyber upgrade to secure coverage.
Sophos’ report also includes recommendations for retail organizations to combat ransomware attacks, including:
- Protecting all endpoints in the environment
- Proactively hunting for threats
- Keeping tabs on security gaps such as unpatched devices, unprotected machines and open RDP ports
- Developing a response plan
- Making secure backups and practicing restoring from them