Average ransomware payment for US victims more than $6 million, survey says

A Mimecast survey of 742 cybersecurity professionals found that 80% have been targeted by ransomware over the last two years.
Written by Jonathan Greig, Contributor

A new report from Mimecast has found that the US leads the way in the size of payouts following ransomware incidents. 

In the "State of Ransomware Readiness" study from Mimecast, researchers spoke with 742 cybersecurity professionals and found that 80% of them had been targeted with ransomware over the last two years. 

Of that 80%, 39% paid a ransom, with US victims paying an average of $6,312,190. Victims in Canada paid an average of $5,347,508 while those in the UK paid nearly $850,000. Victims in South Africa, Australia, and Germany all paid less than $250,000 on average.

More than 40% of respondents did not pay any ransom, and another 13% were able to negotiate the initial ransom figure down. 

Of the 742 experts who spoke to Mimecast, more than half said the primary source of ransomware attacks came from phishing emails with ransomware attachments, and another 47% said they originated from "web security." Phishing emails that led to drive-by downloads were also a highly-cited source of ransomware infections. 

Less than half of respondents said they have file backups that they could use in the event of a ransomware attack, and almost 50% said they needed bigger budgets to update their data security systems. 

Also: What is malware? Everything you need to know about viruses, trojans, and malicious software

Despite the lack of backups, 83% of those surveyed said they could "get all their data back without paying the ransom." Another 77% of executives said they believed they could get their company back to normal within two days following a ransomware incident. This confused Mimecast researchers, considering nearly 40% of respondents admitted to paying ransoms. 

A number of respondents called for more training and more information-sharing about threats. 

"Ransomware attacks have never been more common, and threat actors are improving each day in terms of their sophistication and ease of deployment," said Jonathan Miles, head of strategic intelligence & security research at Mimecast. "Preparation is key in combating these attacks. It's great to see cybersecurity leaders feel prepared, but they must continue to be proactive and work to improve processes. This report clearly shows ransomware attacks pay, which gives cybercriminals no incentive to slow down."

Ransomware incident costs stretch far beyond the ransom itself; 42% of survey respondents reported a disruption in their operations, and 36% said they faced significant downtime. Almost 30% said they lost revenue, and 21% said they lost customers. 

Another cost? Almost 40% of the cybersecurity professionals surveyed said they believed they would lose their jobs if a ransomware attack was successful.

Two-thirds of respondents said they would "feel very or extremely responsible if a successful attack occurred. When asked why, almost half said it would be because they "underestimated the risk of a ransomware attack."

Editorial standards