New Infrascale Research Reveals 46% of SMBs Have Experienced Ransomware Attacks

New research from Infrascale has shown that ransomware attacks are very common in the small and medium business (SMB) community, as 46 percent of these businesses have fallen victim to them. Additionally, 73 percent of those SMBs that have been targeted by ransomware attacks have actually paid the ransom. However, over a quarter of the total SMB survey group stated they do not have a plan to mitigate a ransomware attack. Almost a fifth of the total group from this Infrascale research said they feel unprepared for a ransomware attack.

Recently Infrascale also released the findings of another study, which indicated that 58 percent of C-level executives at small and medium businesses (SMBs) said their biggest data storage challenge is security vulnerability. Additionally, 49 percent of top leaders at SMBs stated that cyberattacks are their biggest data protection concern. However, despite these concerns, over 20 percent of SMB leaders do not currently have a backup or disaster recovery solution in place.

This new research from Infrascale is based on a survey of over 500 C-level executives. CEOs represented 87 percent of the group. The majority of the remainder of the group was split between CIOs and CTOs.

In a press statement, CEO of Infrascale, Russell P. Reeder said, “ransomware is not a new phenomenon. However, it is surprising how many businesses are unprepared for a ransomware attack. It is shocking that during a time in which the world should be coming together in the fight against COVID-19, criminals are preying on unsuspecting people and organizations for personal — usually financial — gain. And, in many cases, these bad actors are actually benefiting. With appropriate strategies using preventative measures like internet security and education, and protection measures like data backup and disaster recovery, you should never have to worry about paying ransomware.”

This study found that Business-to-Business (B2B) organizations were more likely to have experienced a ransomware attack than Business-to-Consumer (B2C) organizations. Representatives from 55 percent of the B2Bs said they had been hit by ransomware. However, B2C organizations are not immune to these risks. 36 percent of this group stated they had been victims of ransomware attacks.

A Lack of Time and Resources

83 percent of SMBs said they feel prepared for a ransomware attack, with 87 percent of B2Bs and 77 percent of B2Cs expressing that sentiment. Conversely, 17 percent of the SMBs surveyed said they do not feel that their business is prepared for a ransomware attack. The SMBs that feel unprepared for ransomware attacks indicated that time and resources are the hardest things to manage.

32 percent of the SMBs surveyed stated that they have a limited amount of time to research ransomware mitigation solutions. The same share said their IT teams are stretched so thin that their organizations don’t have enough resources to address the threat of ransomware.

Reeder continued, stating, “there’s no question that the time and talent of IT professionals are at a premium today. But there are many solutions, with varying levels of protection, available to help businesses address ransomware. Many qualified third parties can do much of the heavy lifting in terms of implementation and setup. That makes it easier than ever for businesses to protect themselves from ransomware and avoid rewarding criminals by paying out costly ransoms.”

Paying the Ransom

The Infrascale research reveals that 78 percent of SMBs in the B2B category have already paid a ransom in a ransomware attack. 63 percent of B2C SMBs also said they had done the same. Over a quarter (26 percent) of the SMBs that said they hadn’t ever paid a ransom said they would consider doing so. Additionally, of that group, 60 percent said they would pay the ransom to quickly get their files back. 53 percent stated they would pay the ransom in order to protect their business’ public image around data protection and recovery efforts.

43 percent of SMBs surveyed said they have paid between $10,000 and $50,000 to ransomware attackers. On the upper end of the spending spectrum, 13 percent of those surveyed said they were forced to pay more than $100,000. However, paying a ransom does not guarantee that a business will recover any or all of its data. 17 percent of the survey participants who said they have paid ransoms before indicated that they were only able to recover some of their data.

Take Preventative Measures

The positive side of this Infrascale research shows that 72 percent of the SMB survey group said their organization currently has a plan in place designed to mitigate ransomware attacks. The research also indicates that B2Bs (80 percent) are better prepared in this area than B2C organizations (62 percent).

However, 28 percent of those surveyed still do not have a plan to mitigate a ransomware attack. These organizations, as well as their customers and stakeholders, are in a high-risk scenario. These businesses can begin to protect themselves from expensive ransomware attacks now, though. 

Reeder added, “the best protection, of course, is prevention. And education is the key to its success, If something looks nefarious, it usually is. However, criminals are becoming increasingly sophisticated at making their attacks look legitimate. And again, at a time where people are in search of information and answers, the public’s fake-filters are at an all-time low…With appropriate backup and disaster recovery in place prior to a compromising event, an organization can quickly restore its data or spin up its operations to restore service. And, with more investments in sophisticated tools or features such as those in Infrascale’s Cloud Backup and Disaster Recovery, the point of compromise can also be pinpointed and often prevented.”

Learn more about Infrascale.