The State of Ransomware 2021

In February 2021, Sophos recruited 5,400 IT professionals from 30 different countries to participate in their annual “State of Ransomware” report.

The objective of the report is to provide fresh new insights into the frequency and impact of the most critical threat businesses face today: Ransomware.

The report covers a wide range of cybersecurity topics, including:

  • How often cybercriminals succeed in encrypting data
  • Which sectors are most likely to pay the ransom
  • The average ransom paid by small and mid-sized organizations
  • How much data victims get back after paying the ransom
  • Best practices to minimize the impact of a ransomware attack

The report also reveals how many businesses were hit in 2021 compared to previous years, the impact of those breaches, and how much organizations typically paid to restore their data.

Here are some of the key findings from the report:

  • 37% of respondents’ organizations were hit by ransomware in the last year
  • 54% that were hit by ransomware in the last year said the cybercriminals succeeded in encrypting their data in the most significant attack
  • 96% of those whose data was encrypted got their data back in the most significant ransomware attack
  • The average ransom paidby mid-sized organizations was US$170,404
  • However, on average, only 65% of the encrypted data was restoredafter the ransom was paid
  • The average bill for rectifying a ransomware attack, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid etc. was US$1.85 million
  • Extortion-style attacks where data was not encrypted but the victim was still held to ransom have more than doubled since last year, up from 3% to 7%
  • Having trained IT staff who are able to stop attacks is the most common reason some organizations are confident they will not be hit by ransomware in the future