A study has revealed that businesses in South Africa have lost millions because of ransomware.Ransomware is a type of malicious software that encrypts a victim’s files and demands a ransom in exchange for the decryption key. This can also be viewed as a form of cyber extortion. The Nclose State of Ransomware in South Africa study show that 14 businesses, which amounts to 2.8% of respondents suffered impacts exceeding R10 million each, a collective loss of over R140 million for the group.
Companies lose millions due to ransomware
Stephen Osler, Co-Founder and Business Development Director at Nclose say the study surveyed 500 respondents in the country at the beginning of August. He adds that the figures that came out of the study are not a surprise.Apart from the companies that have lost more than R10 million each, 8.6% of the respondents said they lost between R1 million to R10 million. While 24% experienced losses between R100,000 and R1 million. 28% of respondents reported no financial impact. He added these costs are also associated with remediation and downtime.
How many companies experience ransomware
The study also found that 63.2% of the respondents had experienced at least one ransomware attack in the past 24 months. Of these, 27,8% faced 1-2 attacks, 23,2% encountered 3-5 attacks, and 12,2% dealt with 6 or more incidents. “Most organisations hesitate to disclose when attackers target them, so we don’t know the true extent of ransomware attacks in South Africa.” Olser also noted that cybercrime and ransomware attacks are rising in the country.
Recovery times
He says the ripple effects of the attack are heavy. Some companies take time to recover from the attack, which will cost them money. 13.8% of their respondents said they recovered in less than 24 hours; 19% recovered after over a week. What Osler finds most concerning is companies that have still not recovered from the attack, which is 5.6% of their respondents. “Taking over a week to recover is a long time, and it likely came at a significant cost, including impacts to daily operations that may not be fully accounted for in reported losses.”
Learning from experience
70,8% of respondents said they are confident in their ability to prevent future ransomware attacks. “This optimism is backed by tangible changes in organisational priorities and resource allocation.” 74,6% of organisations consider cybersecurity a high or top priority, 23% allocate over 20% of their IT budget to cybersecurity, and 20% dedicate 16-20% of their IT budget to cyber defence. Almost 60% of respondents expect an increase in ransomware attacks over the next year. “The threat of a ransomware attack is a higher priority than it was a few years ago. It was surprising, however, to note that 19 respondents said cybersecurity was a low priority or not a priority. I assume they don’t understand the risks associated or don’t perceive cybersecurity as a necessity for their business.”
Article by: www.citizen.co.za Image Via: Unsplash.com