Without a plan for responding to a ransomware incident, you’ll pay. Most executives I’ve asked didn’t know what their organization would do if it were infected.

It’s a simple question that boards should ask executivess: “What’s your plan?”

Here are a few important statistics:

1. 80% of organizations were hit by ransomware in 2021
2. More than 60% of those who were hit, paid the ransom in 2020
3. 77% of ransomware infections in 2021 threatened to release sensitive data
4. The breach response costs made up 52% of the total cost of ransomware in 2021
5. The average ransom payment in 2021 was over $130K USD
6. 68% of infected organizations paid the ransom in 2020
7. Of 32% who paid the ransom in 2021, only 65% recovered the encrypted data

Security awareness paradox

It’s been a “super-fantastic” experience to see people learning and talking about security threats.

For just $325 USD, you can run a 6 week, automated program for phishing, social engineering and working from home.  (Normally valued at $450 USD)

Use Promo Code: 6WEEKS

It’s also important to know that many cyber insurance companies don’t cover the ransom payment, as it falls into a different category of risk.

Cyber insurance policies often have sub-limits for ransomware, which may be much less than the total coverage value for the policy.

Executives need a plan for ransomware prevention and response.

[The above statistics were obtained from the Panda Security website at: https://www.pandasecurity.com/en/mediacenter/security/ransomware-statistics/]


Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.