Sophos. The State of Ransomware in Retail 2022

The retail sector is no exception when it comes to the growing ransomware challenge that other industries face today. Retail saw the second highest rate of ransomware attacks across sectors, with two in three organizations reporting data encryption following a ransomware attack.

We’ve just released the State of Ransomware in Retail 2022 report, which offers fresh insights into ransomware attack rates, costs and recovery, and ransom payouts by retail organizations over the last year.

The report is based on our annual study of the real-world ransomware experiences of IT professionals, of which 422 respondents belonged to the retail sector, working in mid-sized companies (100-5,000 employees) across 31 countries.

The study reveals an increasingly challenging attack environment, with retail reporting an above-average financial and operational impact of ransomware attacks. It also sheds light on the relationship between ransomware and cyber insurance, including the role cyber insurance is playing in driving changes to cyber defenses.

Video: https://vimeo.com/744259875

Here are the key findings from the report:

  • Retail reported a 75% increase in the rate of ransomware attacks over the last year: 77% of organizations were hit in 2021, up from 44% in 2020
  • The increased attack rate is part of a cross-sector, global trend. The retail sector reported the second-highest rate of ransomware attacks across all sectors
  • Retail experienced an above-average rate of data encryption at 68%; for comparison, the global average was 65%
  • Only 28% of retail respondents said they were able to stop an attack before data could be encrypted – below the global average of 31%
  • 49% of retail organizations paid the ransom to restore data – higher than the global average of 46%
  • The amount of data restored by retail after paying the ransom dropped from 67% in 2020 to 62% in 2021. Following the same trend, the percentage of retail organizations that got ALL their encrypted data back went down from 9% in 2020 to 5% in 2021. For comparison, the global average in 2021 was 4%.
  • The average ransom payment by retail was less than one-third of the cross-sector average: $226,044 in retail vs $812,360 across sectors
  • The overall cost to remediate a ransomware attack for retail organizations dropped over the last year, down from US$1.97M in 2020 to US$1.27M in 2021. The cross-sector average was US$1.4M, for comparison.
  • 88% of retail organizations reported having cyber insurance coverage against ransomware – the second highest rate across all sectors, compared with the cross-sector average of 83%
  • Cyber insurance is driving retail organizations to improve cyber defenses – 97% in retail have upgraded their cyber defenses to secure coverage
  • Retail reported a below-average rate of ransom payout by insurance providers at 35% compared to the cross-sector average of 40%

The increasing rate of ransomware attacks in retail demonstrates that adversaries have become considerably more capable of executing attacks at scale by successfully deploying the ransomware-as-a-service model.

Most retail organizations are choosing to reduce the financial risks associated with such attacks by taking out cyber insurance. For them, it is reassuring to know that insurers pay some costs in almost all claims. However, the sector has one of the lowest ransom payout rates by cyber insurers.

It is getting harder for organizations, especially in the retail sector, to secure coverage. This has driven almost all retail organizations to make changes to their cyber defenses to improve their cyber insurance positions.

Read the full report: The State of Ransomware in Retail 2022

Source: Sophos