Cybereason Research Shows Why It's Never a Good Idea to Pay Ransom

Many organizations don't have EDR to prevent ransomware attacks.

Edward Gately, Senior News Editor

June 18, 2021

6 Slides

New Cybereason research provides compelling reasons for organizations hit with ransomware not to pay the ransom.

A study of 1,300 security professional reveals more than half of organizations have been the victim of a ransomware attack. Furthermore, 80% of those that chose to pay a ransom demand suffered a second ransomware attack. And often it was at the hands of the same threat actor group.

The Cybereason research also divulged that 46% of organizations that opted to pay a ransom demand to regain access to their encrypted systems reported that some or all of the data was corrupted during the recovery process.

More Damage, Higher Payments

Other key findings include:

  • Sixty-six percent of organizations reported significant loss of revenue following a ransomware attack.

  • Thirty-five percent of businesses that paid a ransom demand shelled out between $350,000-$1.4 million. Seven percent paid ransoms exceeding $1.4 million.

  • Fifty-three percent said their brand and reputation were damaged as a result of a successful attack.

  • Thirty-two percent lost C-Level talent as a direct result of ransomware attacks.

  • Twenty-nine percent were forced to lay off employees due to financial pressures following a ransomware attack

In addition, a startling 26% of organizations reported that a ransomware attack forced the business to close down operations entirely

To find out more, we spoke with Stephan Tallent, Cybereason’s vice president of MSSPs for North America.

Channel Futures: What’s most surprising about this new data?


Cybereason’s Stephan Tallent

Stephan Tallent: Most surprising is how many companies do not have the prerequisite security solutions in place to prevent ransomware attacks when there are many endpoint detection and response (EDR) solutions products that will help companies stop the threat in its tracks. Cybereason was also surprised that many companies suffered a ransomware attack and still didn’t deploy EDR.

Scroll through our gallery above for more comments from Cybereason and other cybersecurity news.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:

MSPsChannel Research

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like