- Veeam’s study finds budget increases for cybersecurity is not enough; Companies need more intelligent resilience strategies
- Ransomware payments are decreasing, but attackers are changing tactics faster than companies can adapt
- The decrease in attack rates does not mean that ransomware is beaten
New research has revealed the scale of recent Ransomware evolution, warning that it is still a dominant threat to organizations around the world.
A study by Veeam, who gathered ideas of 1,300 Ciso, IT leaders and security professionals in the Americas, Europe and Australia, found that almost three quarters of the companies were affected by ransomware during the past year.
Cybersecurity measures seem to have some effect, with companies that face ransomware incidents that decrease slightly from 75% to 69%, and ransomware payments are also decreasing, since in 2024, 36% of affected companies chose not to pay, and 60% of those who did pay less than half of the required ransus.
The decrease in attack rates is not a reason for complacency
“Organizations are improving their defenses against cyber attacks, but 7 out of 10 still experienced an attack in the last year. And of the attacked, only 10% recovered more than 90% of their data, while 57% recovered less than 50%,” said Anand Eswaran, CEO of Veeam.
Even so, companies cannot afford to relax. The main actions of application of the law against groups such as Lockbit and Blackcat have interrupted large -scale operations, but this has inadvertently led to an increase in smaller and more independent attackers.
Companies still need to adopt proactive defenses and use anti-arnsomware tools along with the best final point protection solutions.
“As the nature and time of attacks evolve, it is essential that each organization transition to safety measures reactive to proactive data resilience strategies. By adopting a proactive security approach, investing in solid recovery solutions and promoting collaboration between departments, organizations can significantly reduce the impact of ransomware attacks,” Eswaran added.
The increase in only exfiltration attacks, where computer pirates avoid encryption to steal private data directly, is another alarming trend. In this environment, trusting only in antivirus software may not be enough.
Although 69% of companies say they are prepared for an attack, this confidence falls sharply after an incident. Only 44% have tried support plans, and only 30% have a formal command chain.
Regular training, cross -equipment cooperation and investment in solid recovery frames are needed. Although budgets for cybersecurity and recovery have increased, they remain insufficient.
As a result, VEEAM advises companies to implement comprehensive procedures such as data rule 3-2-1-1-0, which guarantees multiple immutable copies free of malware before the restoration.
