ITWeb, in partnership with KnowBe4, conducted a survey on ransomware and cyber extortion during March 2023.

The objective of the survey was to uncover how SA business is responding to the ransomware and cyber extortion (Cy-X) threat.

A total of 163 valid responses were captured, with 67% of respondents being at executive or middle management level. While 35% of respondents came from the IT sector and 16% from financial services, the remaining 49% came from a wide range of major industry sectors, with government and telecoms being the best represented.

Here are some of the key findings:

  1. Almost all (96%) of the survey respondents said they were concerned about ransomware and cyber extortion.
  2. 87% of respondents are prepared for a ransomware attack; 11% say they could be more prepared.
  3. 70% of respondents say that they would not pay a ransom to obtain the decryption key. 19% say it’s complicated and would depend on the impact on business continuity and type of data exfiltrated/extorted. 7% say they would pay the ransom.
  4. When asked whether their business would pay a ransom to prevent its exfiltrated data from being exposed or sold, 66% said no, 9% said they would and 20% said it would depend on the impact on business continuity and the type of data exfiltrated/extorted.
  5. Asked how much ransomware / Cy-X concerned them compared to other contemporary threats, respondents said they were concerned about accidental downtime or loss of service (61%), theft of intellectual property (46%), regulatory penalty for compliance failure (e.g. POPIA) (40%) and Business Email Compromise (BEC) (40%).
  6. In the case of a successful Cy-X attack, the heaviest costs identified by 26% of respondents were IT services to recover affected technologies, followed by the cost of lost revenue owing to interrupted operations (19%) and the cost of future lost business (15%).
  7. The five countermeasures that respondents felt were the most effective at stopping ransomware were: 

    • Security awareness training (85%) 
    • Endpoint protection (70%) 
    • Email scanning (58%) 
    • EDR / XDR solution (44%) 
    • Antimalware (37%)
  8. Most survey respondents (71%) said they had not experienced a ransomware attack – 18% had, with 3% saying they experienced multiple incidents.
  9. Of those who had suffered a ransomware attack, 31% said the root cause that allowed the ransomware to gain initial foothold access to their environment was password issues; 23% said social engineering and 17% said unpatched software.
  10. Asked whether cyber insurance covers their organisation against ransomware, 37% of respondents said they didn’t have cyber insurance; 30% said yes, but limited; a quarter (24%) said they were fully covered; and 10% said paying ransoms is excluded from their cyber insurance policy.
  11. 60% of respondents affected by ransomware remediated internally, i.e. they recovered from back-ups and notified their customers. Two percent paid the ransom.
  12. Of those businesses that suffered a ransomware attack, 67% say it didn’t result in negative disciplinary action for the people responsible internally, whereas 33% say that it did.
  13. A quarter of respondents (23%) who were exploited by a ransomware attack, paid the ransom and received the ransomware decryption key from the attackers found that the decryption key did not result in the recovery of their files. Thirteen percent of respondents partially recovered their files, and another 13% fully recovered their files.
  14. 52% of those who suffered a ransomware attack didn’t report it to law enforcement or another regulatory body. 24% notified both a law enforcement agency and regulatory body, while 12% notified a law enforcement agency and 12% notified a regulatory body.