CDSA

Of the Canadian businesses hit by ransomware, a majority (58%) of IT decision-makers say their organization paid a ransom, with 14% saying their organization paid more than once.

The Palo Alto Networks’ study, conducted by Angus Reid, found that ransomware attacks have been costly for Canadian organizations. The study found that the average ransom paid by Canadian organizations was more than C$450,000 (C$458,247).

Additionally, the average ransom demanded was nearly C$450,000 (C$449,868). Payments trended higher than demands, given that respondents provided separate answers for each question (i.e., how much a ransom was demanded did not relate to how much a ransom was paid).

The survey of IT decision-makers at companies with 100 to 1,000 employees, conducted by Angus Reid (Canada’s leading market research firm), highlights the breadth of the ransomware pandemic. The study found that ransomware attacks are plaguing Canadian organizations, as 55% of IT decision-makers say their organization has been the victim of a ransomware attack, with one in five (20%) saying they have been attacked more than once. Of these Canadian businesses hit by ransomware, a majority (58%) say their organization paid a ransom, with 14% saying their organization paid more than once.

“Ransomware gangs are not discriminating against the size or type of business they’re targeting, so all Canadian organizations must be prepared,” said Ivan Orsanic, regional vice president and Canada country manager at Palo Alto Networks. “Stopping ransomware attacks requires businesses to be proactive and have the right security strategy in place to prevent attacks, and to lessen the impact of an attack and speed up recovery if breached. ”

The long-term effects of ransomware attacks can be devastating for Canadian organizations if they’re victims. While 41% of businesses hit with a ransomware attack were able to recover within a month, according to the study, more than half (58%) say that it took more than a month to recover; 29% say it took more than three months; and 9% say it took more than five to six months.

Preparation is key to not only preventing an attack but also helping to minimize the impact of a successful attack. For example, Canadian organizations that recover quickly are ones that generally didn’t have to pay a ransom. The survey found that nearly half of Canadian organizations (46%) that didn’t pay a ransom were able to recover from an attack within a week, which suggests these were organizations that were prepared and had backup systems in place. Another possibility is that the attack wasn’t severe enough to warrant paying.

“This data clearly shows the high degree of danger that companies across Canada face from ransomware,” said Demetre Eliopoulos, senior vice president of Public Affairs at Angus Reid. “Given the high prevalence of attacks and the extent to which companies are financially and operationally crippled, no one has the luxury to be complacent on this issue ”

“Ransomware, today, is one of the biggest business risks to Canadian organizations. It is no longer a question of ‘if’ but ‘when’ and organizations of all sizes and industries must prepare in advance for this threat,” said Yogesh Shivhare, lead cybersecurity analyst at IDC Canada.