- Report Finds VPN Complexity, Poor Maintenance Driving Increase in Ransomware Incidents
- Cloud-based VPN alternatives can reduce exposure to ransomware and direct attacks
- Complex on-premises VPN systems often result in outdated configurations
Businesses that rely on older on-premises VPN devices could face higher ransomware risks, findings from At-Bay InsurSec 2025 Report have claimed.
Analysis of cyber insurance claims found that organizations using VPN systems from Cisco and Citrix were 6.8 times more likely to be affected by ransomware than those without such devices.
The study, based on more than 100,000 policy years of data collected between January 2024 and March 2025, analyzed incidents among about 40,000 insured customers in the United States.
SonicWall VPN also at risk
At-Bay said it adjusted its analysis to take into account how common each product is in customers’ environments.
Adam Tyra, CISO for At-Bay clients, said The Registry“We think the bottom line is clear: businesses that rely on on-premises VPN devices from vendors like Cisco and Citrix should seriously consider transitioning to modern cloud-based remote access solutions.”
Businesses that want to stay safe should check out our recommendations for the best VPNs and the best VPNs with antivirus.
The report found that SonicWall VPN users were 5.8 times more likely to experience ransomware, following a 300 percent increase in Akira attacks during the third quarter, with Palo Alto Global Protect at 5.5 times and Fortinet at 5.3 times.
Businesses that used a local VPN of any type were 3.7 times more likely to be victims of an attack than those that used a cloud-based VPN or no VPN at all, At-Bay reported.
“We’re not suggesting that these products are inherently unsafe, but they are complex and require constant maintenance,” Tyra said. “While many organizations can deploy them safely, many fewer can properly maintain them over time, leading to skipped patches and outdated configurations.”
The report added that 80 percent of ransomware cases began when attackers gained access through remote access tools, and 83 percent of them involved VPN devices. He attributed this to the increasing complexity of the device.
Tyra said: “The bottom line is that traditional local VPNs are often too difficult to operate securely for most businesses.” He added that cloud-based Secure Access Service Edge products “significantly reduce exposure to direct attacks compared to traditional VPNs.”
Neither Cisco nor Citrix responded the record requests for comments.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
