"US Firms Hit with Largest Ransoms Globally"

Researchers at Mimecast have found that over 80% of global organizations have been hit by ransomware in the past two years, but executives still have a false sense of security about being able to prevent future attacks.  Victim organizations in the U.S. are paying a much higher price for security breaches. The average ransom in the U.S. was $6.3m, versus just $848,000 in the U.K. and $59,000 in Australia. On average, 39% of victims said they paid.  The ransom itself comprises only one element of the financial and reputational risk stemming from a successful attack. Respondents of the survey also noted that successful attacks also lead to operational disruption (42%), significant downtime (36%), lost revenue (28%), and lost current customers (21%).  Two-fifths (39%) of executives also claimed they could lose their jobs over an attack, while a quarter (24%) saw changes to the C-suite following a breach. The researchers stated that executives appear over-confident in their organization's ability to repel attacks.  Most executives (83%) believe they can get all their data back without paying a ransom, while over three-quarters (77%) think they can get operations back to normal within just five days.  The most common threat vector that respondents listed was malicious attachments in phishing emails (54%).  Many respondents argued that their organization needs more advanced security (45%) and more frequent end-user training (46%) to tackle the threat.

Infosecurity reports: "US Firms Hit with Largest Ransoms Globally"