More than half of organizations globally (58%) have experienced six or more ransomware attack attempts in the past year, and 91% of victims paid at least one ransom, according to a survey by ExtraHop, a network detection and response security vendor.
The average payment was almost $2.5 million, according to the sixth iteration of the annual survey. Some 41.6% paid between $500,000 and $1 million, while 23.4% paid $100,000 to $500,000.
The survey found that 36% of respondents saw between one and five ransomware attack attempts in the past year, while 5% had yet to experience such an attack. Among the 58% that experienced at least six ransomware attack attempts, 25% saw six to 10 such incidents and another 25% experienced 11 to 15. The remaining 8% clocked more than 16 ransomware attacks.
Conducted by Censuswide earlier this year, the survey polled 1,102 IT and security decision makers from seven global markets: the US, the UK, France, Germany, Singapore, Australia, and the UAE. The survey had some 250 respondents each from the UK and the US, 150 each from France and Germany, and 100 each from Singapore, Australia, and the UAE.
ExtraHop noted that ransomware attacks were likely to increase through 2025 as threat actors with links to nation states tap ransom payments to finance military operations or advance political goals. "These groups are highly sophisticated," the security vendor said. "They target specific organizations and know how large of a payment their victims can afford."
Asked to identify the scenarios that posed the biggest challenge for their organization, the largest share of respondents (21.7%) pointed to ransomware.
Despite the growing threat, 88.4% of respondents expressed confidence in their organization's ability to manage its cyber risks. However, 51% admitted that more than half of the cybersecurity incidents at their organization were due to poor cyber hygiene, though ExtraHop noted that this figure has been falling over the past three years.
While respondents reported relying less on certain insecure network protocols, their use remains common: 49% still run Microsoft Server Message Block (SMB) version 1 and 46% still depend on Link-Local Multicast Name Resolution (LLMNR).
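Both of the legacy protocols named in the survey can be audited and switched off from an elevated PowerShell session. The following added example (not from the article or from ExtraHop) checks a Windows host for SMBv1 and LLMNR and, when run with -Remediate, disables them; it assumes Windows 10/Server 2016 or later, and that the LLMNR setting is governed by the EnableMulticast policy value under the DNSClient key.

```powershell
# Added audit example (not from the article or ExtraHop). Run elevated.
# Reports whether SMBv1 and LLMNR are still enabled on this host and,
# with -Remediate, turns them off. Returns one object per protocol.
function Get-LegacyProtocolStatus {
    [CmdletBinding()]
    param([switch]$Remediate)

    $findings = @()

    # SMBv1: check both the SMB server setting and the optional feature.
    # (On Server SKUs the feature is FS-SMB1 via Get-WindowsFeature instead.)
    $smb     = Get-SmbServerConfiguration
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $smb1On  = $smb.EnableSMB1Protocol -or ($feature -and $feature.State -eq 'Enabled')
    $findings += [pscustomobject]@{ Protocol = 'SMBv1'; Enabled = [bool]$smb1On }
    if ($smb1On -and $Remediate) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        if ($feature -and $feature.State -eq 'Enabled') {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
    }

    # LLMNR: EnableMulticast = 0 disables it; a missing value means the
    # default (enabled) is in effect.
    $llmnrKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $mc = (Get-ItemProperty -Path $llmnrKey -Name EnableMulticast -ErrorAction SilentlyContinue).EnableMulticast
    $llmnrOn = ($null -eq $mc) -or ($mc -ne 0)
    $findings += [pscustomobject]@{ Protocol = 'LLMNR'; Enabled = [bool]$llmnrOn }
    if ($llmnrOn -and $Remediate) {
        New-Item -Path $llmnrKey -Force | Out-Null
        Set-ItemProperty -Path $llmnrKey -Name EnableMulticast -Value 0 -Type DWord
    }

    return $findings
}

# Audit only; add -Remediate to disable whatever is still on.
Get-LegacyProtocolStatus | Format-Table -AutoSize
```

Disabling SMBv1 may require a restart and will break any remaining clients that cannot negotiate SMBv2 or later, so run the audit across the estate before remediating.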
The study estimated the average incident downtime at 56 hours, with 65% of organizations taking less than a week to respond to critical vulnerabilities, which is within the guidelines set by regulatory bodies such as the US Cybersecurity and Infrastructure Security Agency (CISA).
Faced with the current threat landscape, 31% of respondents said they need a budget increase of more than 50% to effectively manage and mitigate cyber risk.
"Cyber risks are inevitable and no single organization is immune to the threat bad actors pose to their business," ExtraHop co-founder and Chief Scientist Raja Mukerji said in a statement. "With ransomware and downtime on the rise and ripple effects being felt throughout entire organizations, leaders are recognizing an inherent need to prioritize cybersecurity and, better yet, business resilience."