Key Findings

ITWeb, in partnership with KnowBe4, conducted a survey on ransomware during August/September 2021.

The objective of the survey is to gain a better understanding of how South African organisations have been impacted by and are responding to the ransomware threat.

A total of 378 responses were captured, with 61% of respondents being at executive or middle management level, and working in a range of major industry sectors.

Here are some of the key findings:

1. An overwhelming 85% of respondents are concerned about ransomware.

2. 67% of respondents say they wouldn’t pay a ransom to get their data back. Reasons given include they have backups and are prepared for an attack and because paying the ransom doesn’t guarantee a decryption key and it would further encourage attackers. 19 % said it's complicated and depends on the impact on business continuity and type of data exfiltrated / extorted. Only 5% said they’d pay a ransom.

3. Respondents were asked what concerned them most about the ransomware threat. Business disruption topped the list of concerns, followed by loss of data, brand/reputational damage and regulatory impact and/or fines.

4. 67% of respondents say ransomware is covered as a threat within their general IT risk management and security strategy. 20 percent of respondents don’t have a ransomware protection strategy in place.

5. Asked how well prepared their organisation was for a ransomware attack, 28% were well prepared, 36% were prepared, 21% were somewhat prepared and 8% said they should be more prepared. 7% said they weren’t prepared for a ransomware attack.

6. The top three countermeasures considered most effective in stopping ransomware are: security awareness training, endpoint protection and email scanning.

7. 63% of respondents said they hadn’t experienced a ransomware attack in the past, while 32% said they had been subject to a ransomware attack. 13% of those who said yes said social engineering was the root cause that allowed ransomware to gain an initial foothold in their environment. 8% blamed unpatched software.

8. Of those who said yes, 12% said the impact of the ransomware attack on their business wasn’t significant, while 17% said it had been significant. A further 8% said it was slightly significant.

9. In financial terms, 9% of respondents said the impact of the ransomware attack had exceeded R1-million, 2% said it was over R500 000, 5% said between R100 000 and R499 000 and another 5% said it was under R100 000. 7% said the cost to the organisation had been under R10 000.

10. Asked to rate how drastic the impact on their business was out of a possible score of 5, Business Disruption rated a 2.2, Loss of Data rated a 2 and Revenue Losses a 1.9. Brand/Reputational Damage scored a 1.8 and Regulatory Impact/Fines rated a 1.6 out of 5.

11. Some 37% of respondents don’t have cyber insurance against ransomware, while 41% have cyber insurance that covers the organisation in the event of a ransomware attack.

12. A third of respondents who had suffered a ransomware attack reported encryption of data, 7% experienced encryption and exfiltration of data while 7% experienced all of the aforementioned as well as a DDOS attack. Only 2% report paying the ransom – 38% recovered from backup and notified customers.