Sophos: 78% of Indian Firms Experienced Ransomware in 2021 The average ransom paid by Indian organizations to get their data encrypted was $1.2 million USD, with 10 per cent of victims paying a ransom of $1 million or more.
In the year of 2021, close 80% of all companies that are based in India had to bear the brunt of a ransomware attack. This data was collected and released by Sophos, a cybersecurity company and they also said that ransomware attacks have gone up by 68% compared to the previous number which is definitely something to be worried about.
A ransomware refers to a subset of malware (Malicious Software) which threatens the hacked computer to release all private and confidential data or block it from the user/owner of it until they pay the bounty demanded.
Ransomware generally just locks out anyone from accessing the confidential files and data until the hackers receive the relevant bounty and this does not affect the files in any way, but recently, a new and advanced form has been popping up where they use a method called cryptoviral extortion where the malware encrypts the data and hands over the decryption key until their demands are met.
In just 2021, an estimated $1.2 million USD has been paid as ransom by Indian companies on average for each ransomware. Out of this around 10% of the hit companies have paid at least $1 million USD as ransom.
While the average cost it takes to recover from an attack like this has reduced from $3.4 million USD two years ago to $2.8 million USD in 2021, it is still a huge number and the total amount of money spent to recover has anyhow increased due to the huge increase in total attacks in 2021.
Almost 90% of all medium firms in India have been insured from all kinds of ransomware attacks. In almost every attack last year, the insurance company covered for some of the recovery and in quite a few cases, the insurance paid for it all. But unfortunately, due to the higher frequency of attacks, the process of receiving the insurance has become more complex and difficult to obtain. Due to its heavy frequency now, many insurance firms refrain from offering insurance against these types of cyber attacks and the ones who do demand a premium that can easily be considered exorbitant and out of budget for most Indian companies. Over the past years, the policies for these insurances have changed a lot to favour the insurance companies.
There needs to be a solution that benefits all parties as soon as possible and as more companies dip their feet into the digital world, cybersecurity is slowly becoming more important.