Backups Become the Focus as Three-Fourths of Organizations Experienced Ransomware Attacks

New data puts the spotlight on how most organizations are unable to completely recover their data after a ransomware attack, making the case for better data protection for improved incident response.

It appears that organizations simply aren’t prepared in the face of a ransomware attack, according to backup vendor Veeam’s just-released 2022 Data Protection Trends Report. Most organizations have a less-than-perfect ability to recover from major business disruptions. According to the report, ransomware specifically is a huge problem for organizations today:

  • 76% of organizations experienced a ransomware attack in the last 12 months
  • 60% of orgs experienced two or more attacks in the same timeframe
  • At best, only 80% of the data was recoverable – and only 19% of orgs were able to accomplish this
  • The average organization is only able to recover about 64% of their data

This says a lot about how your organization should be approaching its response to ransomware – and even about its preventative measures to stop attacks before they have an impact. With most organizations unable to fully recover, and a majority of you suffering an attack, there are a few things you need to get right now:

Think disaster recovery, not backups – Have the ability to fully recover some or all of your environment in the wake of a ransomware attack. That means you’ve got a full disaster recovery plan in place, complete with a recovery team, simulation testing, a communication plan, etc.

Improve security at your weakest point – Veeam’s report also notes that, of those organizations who experienced a ransomware attack, 42% of the attacks started with a user who clicked on a malicious link. That means, despite all the security solutions you have in place, malicious emails are still getting through. So, it’s up to the user receiving the email to stop the attack by recognizing the phishing email for what it is and choosing not to engage with it. This is what security awareness training teaches users; to stay vigilant, to play a role in organizational cybersecurity, and to stay clear of suspicious or malicious content in emails or on the web.

Stu Sjouwerman
About the Author
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4 Inc, a provider of the most popular Security Awareness Training and Simulated Phishing platform. A serial entrepreneur and data security expert with more than 30 years in the IT industry, Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.” Along with his CEO duties, Stu is Editor-in-Chief of Cyberheist News, an e-zine tailored to deliver IT security news, technical updates, and social engineering alerts. Stu is a four-time Inc 500 award winner and EY Entrepreneur of the Year finalist.