Sophos surveyed more than 300 retailers in 2021, and it found that 300 of them had been hit with ransomware attacks.
A new study from Sophos found that retail businesses are increasingly being targeted by ransomware. Sophos, a leader in cybersecurity, interviewed IT workers at mid-sized organizations in the retail sector to find out about their experiences with ransomware.
77% of respondents who were hit with ransomware in the year 2021 represented a 75% increase compared to 2020. That number is pretty bad. The average ransom payment grew from $147,811 in 2020 to $226,044 in 2021.
Chester Wisniewski, a scientist who works for a company that makes anti-virus software, discovered that about half of businesses who are attacked with ransomware think the volume and complexity of ransomware has stayed the same. He said that what surprised him most was that 77% of businesses had been attacked by ransomware.
Chester stated: “This is very concerning as it suggests that despite their failures in defending themselves, they may not be taking the threat seriously enough. Security should be viewed similar to an insurance policy — money well spent preventing much costlier outcomes. With more than three in four organizations falling victim, it seems attacks are nearly inevitable.”
But one positive thing that researchers have found is that the cost of ransomware remediation has dropped 46% to $1.27 million from $1.97 million in 2020.
Chester added: “Additionally, ransomware payments in the retail industry were considerably below the global average of all sectors, with 41% of retail organizations reporting paying less than $10,000 in ransoms compared to only 21% globally across all sectors,” he explained. “In 2020, only 28% of retail organizations reported paying ransoms below that threshold. Further, only 4% of retail organizations reported paying ransoms of more than $1 million, compared to the global all-sector average of 11%.”
A Sophos report shows that retailers, who face cybersecurity issues such as ransomware, experience a higher rate of data encryption than other industries. The report also notes that nearly all retail organizations reported that cyberattacks affected their ability to function normally.