Ransomware Study: 78% of Attack Victims Paid Ransom and 74% Suffered Multiple Strikes

A survey of nearly 1,000 IT and security professionals shows numerous organizations were targeted by ransomware attacks in the past year with a high degree of success, with most paying a ransom—many of which paid multiple times.

Semperis, a cyber resilience firm, conducted a poll of IT and security professionals at organizations spanning multiple industries across the US, UK, France and Germany. The firm says the results of the survey shows alarming trends in attack frequency, severity and consequences.

The highlights of the Semperis survey include:

• 74% of respondents that were attacked for ransom in the past 12 months were attacked multiple times—many within the span of a week.
• 78% of targeted organizations paid the ransom—72% paid multiple times, and 33% of those paid ransom four times or more.
• 87% of attacks caused business disruption—even for those that paid ransom—including data loss and the need to take systems offline. For 16% of respondents, the attack created a life-or-death dilemma.
• 35% of victims that paid ransom either did not receive decryption keys or received corrupted keys.
• 49% of respondents needed one to seven days to recover business operations to minimal IT functionality after a ransomware attack, and 12% needed seven days or more.

Semperis partnered with Censuswide, an international market research consultancy in London, to conduct a detailed study of global organizations’ experience with ransomware in the first half of 2024. The survey included 900 IT and security professionals across multiple industries, including education, finance, healthcare, manufacturing and utilities, IT and telecommunications, and travel and transportation.