Less Than Half of Organizations Report Ransomware Attacks


August 30, 2023

World map

Hard numbers on the extent of the ransomware crisis are hard to come by, and the problem may be even bigger than we think given a new survey reveals that the majority of executives say their organizations do not report attacks.  

Well over half (61%) of executives surveyed reveal they did not report a major ransomware attack, according to a global survey of over 1,400 IT decision-makers at large organizations.  

"Most incidents do not get made public. After all, not every ransomware incident spreads to, nor takes down, an entire system or company infrastructure," noted Ian McShane, field chief technology officer at Arctic Wolf, who conducted the study.  

"Unsurprising when you think of the negative press and brand damage, let alone potential for fines or other penalties depending on the industry," McShane said.

Key findings of the survey worth noting include:  

  • 78% of executives claim that they would be willing to pay a ransom
  • 74% of executives believe their security teams cannot defend against ransomware
  • 60% of executives believe their employees could not identify a cyberattack

Takeaway: No, the ransomware problem is not going away. Ransomware attacks continue to be extremely lucrative, with ransom demands and recovery costs bleeding victim organizations for millions of dollars.  

Ransomware-as-a-Service (RaaS) and other extortion attack operators continue to implement novel evasion techniques specifically designed to evade or completely circumvent traditional endpoint protection solutions.

More than 2,300 organizations succumbed to ransomware attacks in just the first half of 2023 according to the most recently data, with the vast majority carried out by only three ransomware operators: LockBit (35.3%), ALPHV/BlackCat (14.2%), and Cl0p (11.9%). Overall, ransomware attacks were up 74% in Q2-2023 over Q1 volumes.  

So, if half of all ransomware attacks are going unreported, the problem is much bigger than we think. But wait – it could be even worse.

In 2022, the FBI spent seven months observing the infamous Hive ransomware gang after infiltrating their operations. Based on their observations, the agency came to the shocking conclusion that only about 20% of attacks were being reported to law enforcement.

That would mean the ransomware problem is not just twice as big as we think, but potentially several orders of magnitude bigger.

Given the risks involved in reporting an incident, it’s no wonder executives choose not to report unless compelled – and that looks like it will be the case for publicly traded companies.  

The U.S. Securities and Exchange Commission will soon be requiring disclosure of cyberattack events within four business days if they are deemed “material” to current and prospective shareholders "in making an investment decision."

Ransomware is big business, and the financial impact of ransomware attacks is one we all bear, and it is going to become a significant drag on our economy. The only way we can counter its growth as a major industry vertical is to disincentivize the attackers.

Ransomware attacks can do more damage to an organization than simply impacting the bottom line, they have the potential to damage brand, increase insurance costs, force budget cuts and layoffs, negatively impact stakeholders and even put victim organizations and their CXOs and BoDs in legal jeopardy.

The ransomware threat is very real, the problem is seemingly growing exponentially, and executive leadership at organizations are struggling with how best to deal with both preparing to defend against attacks as well as what to do to protect the organization after a successful attack.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.