2021 Was Worst Year Ever for Ransomware; Two-Thirds of Victims Paid Ransom

A recent report finds 2021 was a record-setting year for successful ransomware attacks. A lack of skilled security staff and poor workforce practices meant ransoms were paid at an alarming rate.

Tags: cyberattacks, CyberEdge, firewall. ransomware, security, spending,

A recent report from CyberEdge Group says 2021 was a record-setting year for ransomware attacks. Even worse, such attacks were more effective due to a shortage of skilled personnel and low security awareness across the workforce.


The CyberEdge Group’s ninth annual Cyberthreat Defense Report (CDR) found:  

  • A record 71% of organizations suffered a successful ransomware attack (up from 55%).
  • Of those victimized, nearly two-thirds (63%) paid the requested ransom (up from 39%).
  • 84% of responding organizations are experiencing a shortfall of skilled IT security personnel.   -  [Most acute storages mentioned are in: IT security administrators (41%), IT security analysts (33%), and IT security architects (32%) ]

The 2022 CDR also yielded a ton of additional insights, including:


Increased security spending.  A whopping 83% of responding organizations are experiencing growth in their security budgets, up from 78% last year. The average security budget has grown by 4.6% in 2022, up from 4.0% in 2021.


Five hot security technologies for 2022.  Among the most sought-after security technologies in 2022 are next-generation firewalls (network security), deception technology (endpoint security), bot management (application and data security), advanced security analytics (security management and operations), and biometrics (identity and access management).


2022’s weakest links.  Mobile devices, industrial control systems/supervisory control and data acquisition (ICS/SCADA) devices, and Internet of Things (IoT) devices top this year’s list of the IT components that are most challenging to secure.


Integrating app and data security.  “Improved cloud security posture’ and “enhanced security incident investigations” were the top benefits of integrating application and data security into a unified platform.


Protecting work from home (WFH).  Security teams rely on anti-virus and VPN products, SD-WAN, network access control (NAC), and mobile device management (MDM) solutions to safeguard employees working at home.


API security implementations still strong.  Solutions to protect application programming interfaces (APIs) are embraced by nearly two-thirds (64%) of organizations.


PII and credentials at risk.  Among web and mobile application attacks, personally identifiable information (PII) harvesting and account takeover (ATO) attacks are the most prevalent and concerning.


Hybrid cloud security headaches.  “Detecting unauthorized application usage” (46%) and “detecting and responding to cyberthreats” (45%) top the list of hybrid cloud security challenges.


Specialty certifications in demand.  Nearly all (99%) of the research participants agreed that achieving an IT security specialty certification would boost their careers. Cloud security and software security topped the list of specialty certifications in highest demand.


Embracing emerging technologies.  The vast majority of organizations have embraced emerging security technologies such as SD-WAN (82%), zero trust network architectures (77%), and security access service edge (SASE) (73%).

Trends in Firms Paying Ransomware Ransoms 

CyberEdge Group’s CDR also examined the alarming trend in an increasing number of companies paying ransomware ransoms.


As organizations such as Colonial Pipeline, CNA Financial, and JBS Holdings grab headlines for paying ransoms, the CyberEdge report offers three explanations:

Threat of exposing exfiltrated data.  Most modern ransomware attacks not only encrypt compromised data but also exfiltrate it. Failure to pay a ransom can, and has, resulted in public exposure of highly sensitive data to the embarrassment of its victims.


Lower cost of recovery.  Many organizations conclude that paying a ransom is significantly less costly than enduring the high cost of system downtime, customer disruptions, and potential lawsuits stemming from publicly exposed confidential data.


Increased confidence for data recovery.  Nearly three-quarters (72%) of ransom-paying victims recovered their data last year, up from 49% in 2017. This increased confidence for successful data recovery is often factored into the ransom-paying decision.

CyberEdge Group’s annual Cyberthreat Defense Report provides information security decision-makers and practitioners with practical, unbiased insight into how enterprises and government agencies defend their networks in today’s complex cyberthreat landscape.