From reinfection during disaster recovery to debilitated backup restoration processes to paying ransoms in vain — one survey explores some victims’ challenges

One cybersecurity firm has released trend findings from a January 2023 survey of 1,200 IT leaders across 14 countries (APJ, EMEA and the Americas). All respondents had suffered at least one cyberattack in 2022 and were deemed to be objective in their responses regarding the impact of ransomware and their future IT strategies and data protection initiatives.

Firstly, one in seven organizations in the survey saw almost all (>80%) of their data affected as a result of a ransomware attack. The attackers involved targeted backups in 93% or more of the incidents, with 75% of victims unable to recover the data.

Also, 80% of respondents reported having paid the ransom to end an attack and recover data, up 4% compared to the year prior, despite 41% of them being subject to a “Do Not Pay” policy on ransomware.

Other findings

    • 21% of respondents said that ransomware was specifically excluded from their policies, and those with cyber insurance saw changes in their last policy renewals: 74% saw increased premiums, 43% saw increased deductibles, and 10% saw coverage benefits reduced.
    • 87% of respondents had a risk management program: 35% believed their program was working well; 52% were seeking improvements; the remaining 13% did not have an established program.
    • 60% of respondents said that significant improvement or a complete overhaul was needed between their backup and cyber teams for addressing cyberattacks in Business Continuity or Disaster Recovery (BC/DR) planning.
    • 59% of respondents had paid the ransom and were able to recover data; another 21% paid but did not get their data back. Additionally, 16% of respondents avoided paying ransom because they were able to recover from backups.
    • 93% of cyber incidents in the survey involved criminals attempting to attack backup repositories, resulting in 75% of victims losing at least some data, and 39% losing backup repositories completely.
    • 82% of respondents used immutable cloud platforms, 64% used immutable disks, and 2% did not have immutability in at least one tier of their backup solution.
    • 44% of respondents had completed some form of isolated staging to re-scan data from backup repositories (for reinfection) prior to re-introduction into the production environment. The remaining 56% therefore did not have a means to ensure clean data during recovery.

According to Danny Allan, CTO, Veeam Software, which commissioned the survey: “It’s critical that every organization focuses on how rapidly they can recover (from cyberattacks) by making their organization more resilient. Focus on the basics, including strong security measures and testing both original data and backups, ensuring survivability of the backup solutions, and ensuring alignment across the backup and cyber teams for a unified stance.”