Nearly 80% of Indian organisations faced ransomware attack in 2021

Indian organisations are facing a spike in ransomware attacks amid growing digital transformation on the back of the pandemic.

According to a report by Sophos, 78% of Indian organisations surveyed were hit with ransomware in 2021, up from 68% in 2020. This is the highest rate of ransom payment reported across all 31 countries surveyed.

The average ransom paid by Indian organisations that had data encrypted in their most significant ransomware attack, was $1,198,475, with 10% of victims paying ransoms of $1 million or more.

These organisations that had data encrypted paid the ransom to get their data back, even if they had other means of data recovery, such as backups.

Also, a March 23, 2022, report by Thales notes that one (25%) out of four organisations in India has witnessed a ransomware attack last year, higher than the global number of 21 per cent.

Also read: Malware on remote devices doubles since 2020, 1 in 10 fall prey to mobile phishing

“In 2021, the percentage of victim organisations directly impacted by ransomware increased from 68% to 78%. Ransomware isn’t something that might happen, it is something that will happen if you haven’t taken the precautions necessary,” said Sunil Sharma, managing director, sales, India and SAARC, Sophos.

The Sophos report notes that many organisations rely on cyber insurance to help them recover from a ransomware attack. Around 89% of mid-sized organisations had cyber insurance that covers them in the event of a ransomware attack — and, in 100% of incidents, the insurer paid some or all the costs incurred.

According to Sophos, 94% of those with cyber insurance said that their experience of getting it has changed over the last 12 months, with higher demands for cybersecurity measures, more complex or expensive policies and fewer organisations offering insurance protection.

Thales noted that despite this, 41% of respondents said they had no plans to change security spending, even with greater ransomware impacts. And less than half of respondents (48%) have implemented a formal ransomware plan.