"Sophos: Retail Organizations Pay Significantly Less in Ransomware Attacks"

New research conducted by Sophos reveals that retail companies affected by ransomware pay less than a third of the industry average when meeting ransom demands. Throughout 2021, the average payment made to a ransomware organization in the retail sector was $226,000, which was significantly less than the industry average of $812,000 per incident. According to Sophos, nearly one-quarter (22 percent) paid less than $1,000 for each incident, and most (70 percent) paid less than $100,000, whereas only 47 percent of the global average paid less than six-figure sums. In retail, the overall cost to remediate an attack was $1.27 million, down from $1.97 million the previous year. Total costs of ransomware incidents can include paying the ransom fee itself, the cost of recovering systems, a potential increase in cyber insurance premiums, and the cost of improving systems to prevent future attacks. Retail was largely spared from facing the highest ransomware attack costs, but incidents increased over the year, with up to 77 percent of all retail organizations impacted in some way. This number represents a significant increase over the previous year's figure of 44 percent. It demonstrates how retail is being targeted more frequently than the overall industry, where 66 percent of companies were impacted on average. According to Sophos, retail was the second-most targeted industry, with slightly higher than average rates of data encryption in attacks. This article continues to discuss key findings from Sophos' data on ransomware attacks and payments. 

ITPro reports "Sophos: Retail Organizations Pay Significantly Less in Ransomware Attacks"