Mimecast: 80% of businesses experienced ransomware attacks in 2021

Mimecast: 80% of businesses experienced ransomware attacks in 2021 | Insurance Business Australia

Mimecast: 80% of businesses experienced ransomware attacks in 2021

Cyberattacks have become rampant since the COVID-19 pandemic forced organisations to go digital, with 80% of businesses across the globe experiencing ransomware attacks in 2021, according to Mimecast's latest report.

For this report, Mimecast commissioned Hanover Research to conduct a global survey of 742 cybersecurity professionals across Australia, Canada, Denmark, Germany, the Netherlands, South Africa, Sweden, the UK, and the US who held some or all responsibility for cybersecurity decision-making and hold titles in security or cybersecurity operations, including director, vice president, chief information officer (CIO), and chief information security officer (CISO).

It found that 80% of organisations had been attacked by ransomware in 2021, with more than one-third having chosen to pay the ransom in full when facing an attack after experiencing a disruption (42%) or downtime (36%).

The figures align with the findings of the latest Thales Global Data Threat Report, which revealed that four in 10 Australian businesses experienced a cyber breach in 2021. Meanwhile, global cybersecurity company Trend Micro Incorporated's (Trend Micro) latest Cyber Risk Index (CRI) warned that a majority of global organisations expect to be successfully hit by a cyberattack this year.

Read more: Thales cyber report: Four in 10 Australian businesses breached in 2021

The Mimecast report also found that two-thirds of executives who responded to the survey said they will feel “very or extremely” responsible for a successful ransomware attack because it is their job to protect the company (60%) and they underestimated the ransomware threat (48%). On the bright side, 77% of executives said they were confident in their company's preparedness for ransomware attacks, while 83% said they regularly review disaster recovery protocols.

The report advised organisations to have the “strongest possible protections in place,” including prioritising email security because email is the number one attack vector. However, it warned that winning against ransomware does not lie with a single technology, entity, or idea.

“It lies with an integrated set of security controls that support a defence in-depth approach. It lies with the collective power of organizations – both public and private – committed to regaining control. And it lies with fighting using every tool at the cybersecurity community's disposal, from technology and partnerships to intelligence sharing and policy, to stand strong against a determined set of adversaries,” the report said.