Small and Medium Businesses Account for Nearly Half of all Ransomware Victim Organizations

As ransomware costs increase, along with the effectiveness and use of extortions, smaller businesses are paying the price, according to new data from Webroot.

Small businesses seem to be easy prey for ransomware gangs, according to Webroot’s just-released BrightCloud Threat Report. Whether it’s an assumption (and possible realization) of less-than-adequate security and/or backups in place, or the growing presence of cyber insurance, the SMB is most definitely in the crosshairs of threat actors using ransomware to generate their profits.

According to the report:

  • 44% of all ransomware victim organizations were less than 100 employees.
  • 82% of all ransomware attacks targeted organizations with less than 1,000 employees.
  • Additionally, 34% of organizations with 21-100 employees experienced malware infections.

To make matters worse for the SMB, the average ransom at the end of 2021 was $322K, with a median ransom of $117K – monies most SMBs can’t easily get a hold of to address ransomware attacks.

According to the report, Webroot identified over 4 million new high-risk URLs, with just under two-thirds of them being utilized as part of phishing attacks. This reinforces the continual use of phishing as an initial attack vector for ransomware attacks, requiring users within organizations to play a role in helping to stop these attacks. By implementing continual Security Awareness Training, organizations can teach employees to be watchful for phishing attacks, stopping them by simply not engaging with malicious content in emails and on the web.

Stu Sjouwerman
About the Author
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4 Inc, a provider of the most popular Security Awareness Training and Simulated Phishing platform. A serial entrepreneur and data security expert with more than 30 years in the IT industry, Sjouwerman is the author of four books, with his latest being “Cyberheist: The Biggest Financial Threat Facing American Businesses.” Along with his CEO duties, Stu is Editor-in-Chief of Cyberheist News, an e-zine tailored to deliver IT security news, technical updates, and social engineering alerts. Stu is a four-time Inc 500 award winner and EY Entrepreneur of the Year finalist.