In this case Meat Loaf was wrong – two out of three is bad. According to a recent survey, ransomware attacks affected two thirds (66%) of companies last year.

As covered by Sharon Nelson in her excellent Ride the Lightning blog (66% of Organizations Hit by Ransomware – Average Ransomware Payment Exceeds $800,000), SC Media recently reported that it’s getting harder and more expensive to obtain cyber insurance. The challenges are discussed in a recent Sophos report: Cyber Insurance 2022: Reality from the InfoSec Frontline. The report gathered information from a survey of 5,600 IT professionals.

When asked if ransomware attacks affected them in the last year, 66% of respondents said yes – up from 37% when Sophos asked the same question last year – that’s a 78% increase! The average ransomware payment is now more than $800,000, while last year it was around $170,000 – that’s a 470% increase! Scary.

In addition, over the last year, companies have been dealing with:

• A 57% increase in the volume of attack
• A 59% increase in the complexity of attacks
• A 53% increase in the impact of attacks

When it comes to trying to get cyber insurance in 2022:

• 54% said the level of cybersecurity they need to qualify is now higher
• 47% said policies are now more complex
• 40% said fewer companies offer cyber insurance
• 37% said the process takes longer
• 34% said it is more expensive

As I reported last year, cyber insurance is skyrocketing, due in large part to how ransomware attacks affected so many. The struggle not only continues, it’s also intensifying.

The one bit of good news is that organizations are making changes to protect themselves and secure insurance. For example:

• 64% have implemented new technologies and services
• 56% have increased staff training and education activities
• 52% have changed processes and behaviors

These are measures organizations must address to protect themselves. Because ransomware attacks are only getting worse.

So, what do you think? Are you surprised at how much ransomware attacks have risen? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.