Top 10 worrying stats about ransomware in 2017

Ransomware has emerged as one of the hottest topics in cyber security circles in 2017, after organisations worldwide were left reeling from the WannaCry and Petya attacks.


Last year, we asked whether businesses were prepared for ransomware threats, and it seems even big-name brands and public sector agencies remain vulnerable.


Here are ten worrying statistics about ransomware that have cropped up this year.

1. 44% of firms have no ransomware response plan

More than three-quarters of businesses believe ransomware is a significant threat to their business, according to figures from Varonis. However, the software provider found that only 56 per cent of survey respondents had a plan to respond to attacks, indicating some organisations are aware of the threat but are choosing to take risks anyway.

2. 68% of malicious emails are ransomware

Proofpoint’s quarterly report found that ransomware comprised nearly seven in ten malicious emails during the second quarter of 2017. This was a marked rise on the 60 per cent seen in a Malwarebytes study for Q1, highlighting the increasing prevalence of these incidents.

3. Malicious messages up 250% in Q2

Given that over two-thirds of malicious emails are ransomware, the fact that malicious message traffic climbed 250 per cent between the first and second quarters of 2017 should raise a few eyebrows. Significantly, the figures (from Proofpoint) don’t even include the WannaCry or Petya viruses, which aren’t spread by email, emphasising the breadth and depth of the problem.

4. 99% of managed service providers think threats will rise

Ransomware doesn’t appear to be a flash-in-the-pan trend. Nearly all managed service providers recently polled believe the number of attacks will increase over the next two years. The research investigated small and medium-sized enterprises (SMEs), but the data will no doubt concern organisations of all sizes.

5. A business is attacked every 40 seconds

A Kaspersky Lab review of 2016 revealed a threefold increase in the number of ransomware attacks on businesses between January and September last year. This means an organisation is now attacked every 40 seconds, as opposed to every two minutes in 2015.

6. 65% of organisations pay the ransom …

Nearly two-thirds of businesses decided to stump up the cash when threatened with the loss of their data. Of these, 29 per cent said the ransom was so low it counted as a regular business cost, while 32 per cent admitted the information accessed was highly confidential. Some 37 per cent were worried about potential fines for data losses.

7. … But 20% didn’t receive their data back

Paying a ransom doesn’t mean businesses will receive their locked data, as one-fifth of organisations discovered to their chagrin in 2016, according to a Trend Micro study. SMEs don’t pay ransoms as often, Datto figures suggest, but they are also less likely to have their data returned if they do capitulate to demands (35 and 15 per cent respectively).

8. 8% of firms don’t make changes after an attack

While 36 per cent of organisations admitted becoming ransomware victims in 2016, eight per cent of these decided to make no changes to their systems or cyber security protocols this year. Launching an awareness campaign is the most common (56 per cent) response among companies that did adapt their approach to attacks.

9. The average ransom is approximately £412

Symantec research shows the average ransom that businesses faced was $544 in 2017 – or £412. This was significantly lower than the $1,071 charged last year, but it’s still 85 per cent higher than 2015 levels. According to Symantec, $500 seems to be the ‘sweet spot’ for criminals, as they look to strike a balance between maximising revenues and still encouraging people to pay.

10. 20% of SMEs immediately cease operations after an attack

Smaller businesses are often the hardest hit when ransomware strikes, with Malwarebytes revealing that 20 per cent of SMEs have to cease business operations immediately after an attack. Furthermore, Intermedia estimates 72 per cent of enterprises can’t access their data for at least two days once they are targeted.

Protecting your organisation against ransomware

Unfortunately, the threat of ransomware only appears to be rising, as cyber criminals become increasingly sophisticated in their attack methods.


Businesses must therefore ensure they have comprehensive cyber security measures in place to tackle threats, including highly skilled professionals who can mount an effective response to ransomware and other risks.


Please contact Barclay Simpson to discuss your cyber security recruitment needs.