Survey says Australian companies adopting multi-cloud more likely to pay ransom

The Veritas survey also showed companies that invested in security during the COVID-19 pandemic are reaping the rewards.

A new survey has revealed Australian organisations that operate multi-cloud infrastructures run a greater risk of being exposed to a ransomware attack and are more likely to pay hackers to retrieve their data in the event of one.

Special Feature

Special Report: Managing the Multicloud (free PDF)

More companies than ever are using multiple cloud providers. In this special report, ZDNet provides best practices for managing multiple clouds, and practical advice for picking the right vendors and tools to help you manage a multicloud environment.

Read More

Veritas revealed in its Australian report of its 2020 Global Ransomware Resiliency Report [PDF] that only 43% of the Australian respondents said their security has kept pace with the growing complexity of their IT environment.

According to the report, some 57% of Australian organisations run a multi-cloud environment and use between 15-20 cloud services. It indicated that 33% of organisations with more than 20 clouds paid a ransom in full, compared to the 19% of businesses with fewer than five clouds that did the same.

At the same time, the average number of clouds deployed by organisations who partly paid a ransom was 11.47, versus 6.17 for businesses who did not pay at all.

The survey -- which was conducted in September 2020 and includes responses from 150 Australians senior IT executives from companies of 1,000 employees or more – also showed that a business with complex cloud architectures was likely to hinder how quickly they recover from a ransomware attack.

While 41% of those businesses with fewer than five cloud providers in their infrastructure saw their operations disrupted by less than one day, 67% with over 20 clouds took five to 10 days to get back on track.

Read also: Why ransomware has become such a huge problem for businesses (TechRepublic)

"We're seeing a lag between the rapid expansion of the threat surface that comes with increased multi-cloud adoption, and the deployment of data protection solutions needed to secure them," Veritas Technologies managing director Howard Fyffe said.

"Our research shows that Essential Eight compliance is critical. Fortunately, some businesses are investing to close that resiliency gap -- but unless this is done at greater speed companies will remain vulnerable."

On the point of investment, over half of Australian businesses shared that they had increased their security budget due to the COVID-19 pandemic, with Veritas noting that those that did boost their security investment were able to restore their data faster.

For instance, the company pointed to how 53% of Australian IT executives said they had spent more on security since the pandemic and were able to restore 90% or more of their data, compared with just 43% of those spending less. 

Nonetheless, the results suggest that there is more to be done though, with the average business being able to restore only 82% of its data, Veritas said.

When it came to examining what data protection tools were implemented, the top ones were installing security and behavioural analytical tools, anti-virus software and endpoint security, and backup up data.

Despite Australian organisations continuing to be at risk of ransomware attacks when this is compared on a global basis, they are still better off. Australian organisations had been hit by 1.14 ransomware attacks, which is below the global average of 1.87.

Need to disclose a breach? Read this: Notifiable Data Breaches scheme: Getting ready to disclose a data breach in Australia  

Related Coverage