Even though most organizations don’t believe they will be victimized by a ransomware attack, many understand the business risks and take the necessary precautions, a new study by OpenText Cybersecurity found.
The apparent disconnect is evidenced by increased security spending and plans to expand security teams as well as deploying cybersecurity defenses, while waving off the possibility that they could become a victim.
OpenText surveyed 2,016 security, IT professionals and business leaders from small and medium-sized businesses (SMBs) and enterprises in the U.S., U.K. and Australia from September 27 to October 17, 2023.
Findings show a similarity in how SMBs and enterprises think about ransomware attacks, the cybersecurity defender said.
"The conviction ‘it won’t happen to me’ is a risky mindset. Cyberattacks have become increasingly common and can have serious consequences; no business is immune to an attack," said Prentiss Donohue, OpenText executive vice president. “While many businesses take the right defensive steps, like using access controls, deploying backup and monitoring for threats, a layered security approach that includes education remains the best defense against ransomware. Ongoing education of the risks as well as the techniques used to perpetuate an attack is essential to avoid falling victim."
Key Findings From the Study
- 90% of SMBs and 87% of enterprises feel extremely or somewhat concerned about ransomware attacks.
- 46% of SMBs and enterprises report experiencing a ransomware attack this year.
- 54% of respondents believe they are more at risk of an attack due to threat actors leveraging AI.
- 65% of SMBs and 54% of enterprises either don’t believe or aren’t sure they are ransomware targets.
- 83% of SMBs require employees to take security awareness or phishing training, and are conducting training more frequently, on pace with enterprises.
- 57% of SMBs and 53% of enterprises plan to increase cybersecurity spend in 2024.
While almost half of SMBs and enterprises (46% each) have experienced a ransomware attack:
- 65% of SMBs don’t think or aren’t sure they're a ransomware target for an increase from 59% in 2022.
- 54% of enterprises don’t think, or aren’t sure, they are a ransomware target.
While SMBs and enterprises don’t think they are targets, both are still very concerned about ransomware attacks and the use of AI by threat actors:
- 90% of SMBs are extremely or somewhat concerned about a ransomware attack. This is a slight increase from the previous year’s 88%.
- 87% are extremely or somewhat concerned about a ransomware attack.
- 54% of SMBs and enterprises feel more at risk of suffering a ransomware attack from increased AI use by threat actors.
Businesses are still taking threats seriously with plans to increase security budgets and expand security teams:
- 57% of SMBs plan to increase their security budget in 2024. Of these, 40% plan to increase budgets by 5% to 10% and 33% plan to increase budgets by 10% to 20%.
- 53% of enterprises plan to increase their security budget in 2024. Of these, 37% plan to increase budgets by 5% to 10% and 31% plan to increase budgets by 10% to 20%.
- 44% of SMBs plan to increase the number of employees working on cybersecurity. Of these, 50% plan to increase the number of employees working on cybersecurity by 5% to 10%.
- 43% of enterprises plan to increase the number of employees working on cybersecurity. Of these, 46% plan to increase the number of employees working on cybersecurity by 5% to 10%.