Findings from The Global Cost of Ransomware Study reveal that 64% of Australian organisations have had to shut down operations following a ransomware attack. Forty-three percent reported a significant loss of revenue; 42% had to eliminate jobs, and 39% lost customers.

The research examined the scope of ransomware threats confronting organisations and the measures being implemented to reduce the risks and their impacts. Key findings include:

• Attackers are reaching critical systems to cause maximum disruption: Ransomware attacks impacted 28% of critical systems, with local systems down for 12 hours on average. Both data points were the highest globally, showing that Australian companies are being particularly hard hit by Ransomware.
• Organisations continue to spend significant time and money containing ransomware: On average, it took 17 people, 134 hours each to contain and remediate their largest ransomware attack.
• Costs associated with reputation and brand damage now exceed those from legal and regulatory actions: 39% experienced significant brand damage from an attack.
• Failure to prioritise investments that boost resilience is costing businesses: 39% lack the ability to quickly identify and contain attacks, and only 18% have implemented microsegmentation – a vital control for stopping the spread of breaches. This compares to 44% of companies in the US, with Australia well behind the global average when it comes to using segmentation to secure critical assets.

“Ransomware is more pervasive and impactful than ever, but not all attacks need result in the suspension of operations or major business failure,” said Trevor Dearing, Director of Critical Infrastructure at Illumio. “Organisations need operational resilience and controls like microsegmentation that stop attackers from reaching critical systems should be non-negotiable. By containing attacks at the point of entry, organisations can protect critical systems and data, and save millions in downtime, lost business, and reputational damage.”

Operation technology and hybrid environments remain weak links, with attackers exploiting unpatched systems
The increased connectivity of business systems and devices is making it harder for organisations to defend against ransomware attacks. Organisations perceive operational technology as being the most vulnerable to ransomware (41%), followed by the cloud (39%) and endpoint devices (39%). Twenty-eight percent also say a lack of visibility across hybrid environments makes it difficult to respond to ransomware attacks.

Desktops and laptops remain the most compromised devices (46%), with Remote Desktop Protocol (RDP) and phishing cited as top entry points for ransomware. Most attacks moved across the network to infect other devices. In over half of these cases (55%), attackers exploited unpatched systems to move laterally and escalate system privileges.

Organisations are investing heavily in ransomware defence, but efforts are falling short
According to the research, nearly a third of IT budgets (31%) are allocated to staff and technologies meant to prevent, detect, contain, and resolve ransomware attacks, yet attacks are still successful. Ninety-one percent of organisations have fallen victim to a ransomware attack, despite 56% being confident in their security posture.

Organisations are also taking a chance on ransomware recovery and failing. Forty-seven percent of respondents believe having a full and accurate backup is a sufficient defence against ransomware. Yet only 10% were able to recover all impacted data following a ransomware attack.

The report also found larger organisational challenges in defending against ransomware including:

• Ransomware reporting is still not happening: 71% of those that experienced a ransomware attack didn’t report it to law enforcement. Top reasons for not reporting include fear of retaliation (43%); being up against a payment deadline (37%); and not wanting to publicise the incident (31%).
• Employees remain a weak link in security: Only 45% are confident in the ability of employees to detect social engineering lures and insider negligence is the top challenge when responding to ransomware attacks.
• Organisations are slow to adopt AI to combat ransomware: Only 35% of Australian companies have specifically adopted AI to help combat ransomware – the lowest of any country. More (46%) are concerned their organisation may experience an AI-generated ransomware attack.

To learn more, download the full Global Cost of Ransomware Study here or check out the blog here.

Research Methodology
The research was conducted by Ponemon Institute on behalf of Illumio among 2,547 IT and cybersecurity practitioners in the US, UK, Germany, France, Australia and Japan. All participants have responsibility for addressing ransomware attacks within their organisations.

About Illumio 
Illumio, the most comprehensive Zero Trust solution for ransomware and breach containment, protects organisations from cyber disasters and enables operational resilience without complexity. By visualising traffic flows and automatically setting segmentation policies, the Illumio Zero Trust Segmentation Platform reduces unnecessary lateral movement across the multi-cloud and hybrid infrastructure, protecting critical resources and preventing the spread of cyberattacks.