The average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021. The average ransom paid is $170,404.
The figures come from Sophos’ new survey, "The State of Ransomware 2021". The report also reveals that only 8% of organizations managed to get back all of their data after paying a ransom, and 29% received no more than half of their data.
Researchers polled 5,400 IT decision makers in mid-sized organizations across 30 countries in Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa.
The survey finds the number of organizations that experienced a ransomware attack fell from 51% of respondents in 2020 to 37% in 2021. Fewer organizations suffered data encryption as the result of a significant attack: 54% in 2021 compared to 73% in 2020.
Despite a decline in overall attacks, Sophos researchers say the impact of a ransomware attack is now more damaging and costly.
"We've seen attackers move from larger scale, generic, automated attacks to more targeted attacks that include human hands-on-keyboard hacking," said Chester Wisniewski, principal research scientist, Sophos, in a release. "While the overall number of attacks is lower as a result, our experience shows that the potential for damage from these more advanced and complex targeted attacks is much higher."