Tatsat Chronicle Magazine

78 Percent of Indian Organisations Were Hit by Ransomware in 2021: Sophos’ Survey

The annual State of Ransomware 2022 survey found that the affected organisations paid $1.2 million with about 10 percent of victims shelling out ransoms of $1 million or more
May 5, 2022

An annual survey conducted by security vendor Sophos has found that about 78 per cent of Indian organisations were hit with ransomware in 2021, up from 68 per cent in 2020. The average ransom paid by these organisations was $1.2 million, with some 10 percent of victims shelling out ransoms of $1 million or more, it added.

The international survey, the State of Ransomware 2022, studied the impact of ransomware on 5,600 mid-sized organisations in 31 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa, including 300 in India.

“The ransomware situation in India is worrying. The numbers of victims, ransom payments and the impact of these attacks continued to rise during 2021, at considerable cost,” said Sunil Sharma, managing director, sales, India and SAARC, Sophos, in a statement.

“While the average expense of recovering from an incident declined to $2.8 million from $3.4 million in 2020, it remains a significant number that should be sounding alarm bells among management teams of Indian firms,” added Sharma.

The global survey not only covered ransomware incidents experienced in 2021, but also related cyber insurance issues.

Findings: State of Ransomware 2022

  • The average cost to recover from the most recent ransomware attack in 2021 was $2.81 million, down from $3.4 million in 2020. It took on average one month to recover from the damage and disruption. Ninety-seven percent of organisations said the attack had adversely impacted their operations; 92 percent of the victims lost business and/or revenue due to the attack.
  • Many organisations rely on cyber insurance to help them recover from a ransomware attack; 89 percent of mid-sized organisations had cyber insurance to help the survive a ransomware attack; in 100 percent of incidents, the insurer paid some or all the costs incurred.
  • Ninety-four percent of organisations with cyber insurance said, their experience of getting it has changed in the last one year, with higher demands for cybersecurity measures, more complicated or expensive policies and fewer organisations offering insurance protection