Verizon report reveals alarming rise in ransomware costs

Verizon Business has unveiled the findings of its 16th annual Data Breach Investigations Report (DBIR) for 2023, shedding light on the escalating costs associated with ransomware attacks.  

The most notable revelation from the report is the steep increase in the median cost per ransomware incident, which has more than doubled over the past two years, reaching a staggering $26,000.

Alarmingly, 95% of the incidents that experienced a loss incurred costs ranging from $1 million to $2.25 million. This surge in expenses coincides with a dramatic rise in the frequency of ransomware attacks, surpassing the cumulative number of attacks recorded in the previous five years combined.  

Ransomware continues to be one of the most prevalent methods of cyberattack, accounting for almost a quarter (24%) of all breaches.

While organizations strive to safeguard their critical infrastructure and enhance cybersecurity training, the report highlights that the human element remains the primary cause of security incidents, contributing to a staggering 74% of total breaches.  

Cybercriminals exploit human vulnerabilities through social engineering techniques, such as phishing, where hackers manipulate individuals into clicking on malicious links or attachments. 

“Senior leadership represents a growing cybersecurity threat for many organizations,” warned Chris Novak, Managing Director of Cybersecurity Consulting at Verizon Business. 

“Not only do they possess an organization’s most sensitive information, but they are often among the least protected, as many organizations make security protocol exceptions for them. With the growth and increasing sophistication of social engineering, organizations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”

In addition to ransomware and social engineering, the report highlights the surge in Business Email Compromise (BEC) attacks. Cybercriminals impersonating enterprise employees for financial gain have contributed to a median theft amount of $50,000 USD in BECs.  

This has led to a near doubling of pretexting attacks over the past year. To mitigate this threat, organizations with distributed workforces face the challenge of developing and strictly enforcing human-centric security best practices.