Do Ransomware Gangs Restore Data, Even After They’re Paid?

Only 8% of ransomware victims get all of their data back after paying the ransom, according to researchers at Sophos. The researchers found that, on average, victims who pay the ransom recover about 65% of their data, while 29% of respondents said they recovered less than 50% of their data.

The researchers also found that the average cost of recovering from a ransomware attack has risen by more than $1 million compared to last year, even if the victim pays the ransom.

“Paying the ransom is just part of the cost of remediating an attack,” Sophos says. “While both the number of ransomware attacks and the percentage of attacks where adversaries succeed in encrypting data have declined since last year, the overall cost of remediating a ransomware attack has increased. Respondents reported that the average cost to rectify the impacts of the most recent ransomware attack (considering downtime, people time, device cost, network cost, lost opportunity, ransom paid, etc.) was US$1.85 million, more than double the US$761,106 cost reported last year.”

The researchers suspect the rise in costs is due to the increasing sophistication of ransomware attacks.

“In the last year, Sophos ransomware experts have seen a considerable increase in advanced ransomware attacks that combine automation with hands-on human hacking,” they write. “These complex attacks require more complex recovery processes, and this may be a key factor behind the overall increase in ransomware recovery costs.”

The researchers note that preparation can have a visible impact on ransomware defense, pointing to Israel as an example.

“Israel is among the countries with the lowest overall ransomware remediation costs despite being a developed economy,” Sophos says. “For geopolitical reasons, Israel is a major target for cyberattacks (not just ransomware), resulting in very high levels of cyber defenses, preparedness, and remediation expertise across the country. These combine to lower the financial impact of an attack.”

Better not to rely on a social contract with criminals. Help your people learn how to spit the phish hook before it’s set. New-school security awareness training can give your organization an essential layer of defense against ransomware by teaching your employees how to recognize phishing emails.

This article originally appeared on KnowBe4.

About the Author: Stu Sjouwerman
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4 Inc, a provider of the most popular Security Awareness Training and Simulated Phishing platform. A serial entrepreneur and data security expert with more than 30 years in the IT industry, Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.” Along with his CEO duties, Stu is Editor-in-Chief of Cyberheist News, an e-zine tailored to deliver IT security news, technical updates, and social engineering alerts. Stu is a four-time Inc 500 award winner and EY Entrepreneur of the Year finalist.