Companies Still Don't Believe They are Targets for Ransomware Attacks
OpenText has released results of its annual 2023 OpenText Cybersecurity Global Ransomware Survey. Findings show a similarity in how small-to-medium sized businesses (SMBs) and enterprises (more than 1,000 employees) think about ransomware attacks, including a disconnect about who is a target and growing concern about the use of artificial intelligence (AI) by threat actors.
While the majority of organisations don’t believe they will be attacked, they do understand the business risks as evidenced by increased security spending and plans to expand security teams.
“The conviction ‘it won’t happen to me’ is a risky mindset. Cyberattacks have become increasingly common and can have serious consequences; no business is immune to an attack,” said Prentiss Donohue, Executive Vice President, OpenText Cybersecurity. “While many businesses take the right defensive steps like using access controls, deploying backup and monitoring for threats, a layered security approach that includes education remains the best defense against ransomware. Ongoing education of the risks as well as the techniques used to perpetuate an attack is essential to avoid falling victim.”
Spotlight findings:
Optimism bias is still prevalent when it comes to ransomware attacks. Almost half of SMBs and enterprises (46% each) have experienced a ransomware attack, yet:
- 65% of SMBs don’t think or aren’t sure they are a ransomware target; a slight increase from 59% in 2022.
- Surprisingly, more than half (54%) of enterprises also don’t think, or aren’t sure, they are a ransomware target.
While SMBs and enterprises don’t think they are targets, both are still very concerned about ransomware attacks and the use of AI by threat actors.
- 90% of SMBs are extremely or somewhat concerned about a ransomware attack. This is a slight increase from the previous year’s 88%.
- Similarly, most enterprises (87%) are extremely or somewhat concerned about a ransomware attack.
- Over half (54%) of SMBs and enterprises feel more at risk of suffering a ransomware attack from increased AI use by threat actors.
Businesses are still taking threats seriously with plans to increase security budgets and expand security teams.
More than half (57%) of SMBs plan to increase their security budget in 2024, of these:
- 40% plan to increase budgets by 5 to 10%
- 33% plan to increase budgets by 10 to 20%.
Similarly, 53% of enterprises plan to increase their security budget in 2024, of these:
- 37% plan to increase budgets by 5 to 10%
- 31% plan to increase budgets by 10 to 20%.
44% of SMBs plan to increase the number of employees working on cybersecurity, of these:
- 50% plan to increase the number of employees working on cybersecurity by 5 to 10%.
- 43% of enterprises plan to increase the number of employees working on cybersecurity, of these:
- Almost half (46%) plan to increase the number of employees working on cybersecurity by 5 to 10%.