- VEEAM Study Finding budget increases for cybersecurity is not sufficient; Companies need smarter resilience strategies
- Ransomware payments drop, but attackers change tactics faster than businesses can adapt
- The drop in attack rates does not mean that ransomware is beaten
New research has revealed the magnitude of the recent evolution of ransomware, warning that it remains a dominant threat to organizations around the world.
A VEEAM study, which has collected ideas of 1,300 cisos, IT and security professionals through the Americas, Europe and Australia, found that almost three -quarters of companies were affected by ransomware in the past year.
Cybersecurity measures seem to have an effect, companies confronted with ransomware incidents, slightly from 75% to 69% – and ransomware payments also decrease, because in 2024, 36% of the affected companies have chosen not to pay, and 60% of those who paid less than half of the requested pace.
The drop in attack rates is not a reason for convenience
“The organizations are improving their defenses against cyber attacks, but 7 out of 10 have still experienced an attack in the past year. And among the attacked, only 10% have recovered more than 90% of their data, while 57% recovered less than 50%,” said Anand Eswaran, CEO of Veeam.
However, companies cannot afford to relax. The main measures to apply the law against groups such as lockbit and blackcat have disrupted large -scale operations, but this inadvertently led to an increase in smaller and independent attackers.
Companies must still adopt proactive defenses and use anti-ransomware tools alongside the best solutions for the protection of ending points.
“As the nature and the time of attacks are evolving, it is essential for each organization to pass reactive security measures to proactive data resilience strategies.
The increase in data expiltration attacks, where hackers are going through the encryption to steal private data directly, is another alarming trend. In this environment, relying only on antivirus software may not be enough.
Although 69% of companies say they are prepared for an attack, this confidence drops sharply after an incident. Only 44% tested backup plans and only 30% have a formal chain of command in place.
Regular training, team cooperation and investments in solid recovery executives are necessary. Although cybersecurity and recovery budgets have increased, they remain insufficient.
Consequently, VEEAM advises companies to implement in-depth procedures such as the 3-2-1-1-0 data rule, which guarantees several immutable backups exempt from malicious software before catering.
