Published on 06/02/2025 | Written by Heather Wright

The local figures…
When ransomware hits local businesses, it hits hard, according to a new survey which shows 64 percent of Australian organisations hit by ransomware were forced to temporarily halt operations.
The Ponemon Institute research, for tech provider Illumio, reveals some stark figures behind ransomware.
The 64 percent of Australian respondents who were forced to shut down operations for a period after an attack is higher than the global average of 58 percent.
The Global Cost of Ransomware Study also notes a distinct lack of confidence amongst Australian respondents that they have been very, or highly, effective at reducing the risk of ransomware attacks, with only UK respondents less confident among the six countries surveyed (sorry New Zealand, you’re not included in this survey).
The Australian Cyber Security Centre’s Annual Cyber Threat Report 2023-24 notes that ransomware accounted for 11 percent of the 1,100 cyber security incidents the Australian Securities Directorate responded to during the year. That’s a three percent increase in ransomware reports. Given that reporting of most ransomware attacks isn’t mandatory, the numbers are likely much, much higher.
Indeed, the Ponemon Institute research shows 71 percent of Australian respondents experiencing a ransomware attack didn’t report it to law enforcement, most often for fear of retaliation (43 percent), being up against a payment deadline (37 percent) or not wanting to publicise the incident (31 percent).
The report also backs up the ACSC comments that ransomware is ‘persistent and pervasive’, posing significant operational, financial and reputational risk, providing some striking figures highlighting the impact on Australian businesses – including ‘significant’ revenue loss for 43 percent of local respondents hit by ransomware.
While no specific figures are provided for those ‘significant’ revenue losses in Australia, the Global Cost of Ransomware Study notes that ransomware can reduce revenues due to downtime, lost customers and brand damage. Since 2021, globally more organisations have been reporting brand damage as a consequence of an attack, up from 21 percent to 35 percent of respondents.
Locally, the report says 39 percent of the Australian ransomware victims experienced ‘significant’ damage to their brand, and 39 percent reported losing customers as a result of the attack.
The time and effort to contain and remediate an attack also places a burden on staff and can keep them from completing other important IT security tasks. Globally, containment and remediation of an organisation’s largest ransomware attack took an average of 132 hours and 17.5 staff and third parties. Based on the number of hours and staff and third-party assistance required, the report says organisations spent an average of US$146,685 on a single attack – slightly down on 2021, when the report put the average cost at $168,910 and an average of 190 hours and 14 staff and third parties.
Locally, the figures were similar at 17 people and 134 hours to contain and remediate each company’s largest attack.
There was a flow-on effect to workers too from Australian attacks: 42 percent of respondents said they were forced to cut jobs.
Australian companies are being particularly hard hit by ransomware, with attackers targeting critical systems to cause maximum disruption. Twenty-eight percent of the attacks were targeted at those systems, with local systems down for 12 hours on average. Both data points were the highest globally.
For cyber leaders, ransomware is gaining increasing prominence – the disruption to operations and business processes due to ransomware is now their leading concern, a shift from previous years when data theft was the biggest concern.
More than 50 percent of Australian leaders were concerned about data leakage due to a ransomware attack – putting the country second only to the US in its concerns.
Australian respondents, along with their UK counterparts, were least likely globally to be concerned about the potential for AI-generated attacks being used to launch ransomware attacks at 46 percent. German respondents were most concerned at 56 percent.
Australian organisations were also least likely to adopt AI to prevent ransomware.
And it’s not just AI adoption that local respondents are lagging on.
The report also claims a ‘failure to prioritise investments’ is hindering Australian businesses. It says 39 percent lack the ability to quickly identify and contain attacks, and only 18 percent have implemented microsegmentation, which can help stop the spread of breaches and which is more widely deployed in the US (44 percent). Globally, 27 percent say they use segmentation/microsegmentation. Multi-factor authentication and automated patching/updates were the top two technologies deployed globally to combat the threat.
As to how the ransomware is being delivered, phishing continues to be the most common vector, followed by remote desktop protocol compromises and software vulnerabilities. Most attacks spread across the network to infect other devices, and in over half of the cases attackers exploited unpatched systems to move laterally and escalate system privileges.