OpenText released its third annual 2024 Global Ransomware Survey, which reveals the current state of ransomware attacks, including ransom payments, the impact of software supply chain attacks and generative AI. The report found that supply chain attacks are widespread with 90% of Indian respondents having been impacted by a ransomware attack originating from a software supply chain partner in the past year. With well-funded cybercriminals increasingly targeting software supply chains and harnessing generative AI to increase phishing attempts, businesses face a persistent struggle to stay ahead of evolving ransomware threats and the rising cost of attacks.

“Small and medium businesses (SMBs) and enterprises are stepping up their efforts against ransomware, from assessing software suppliers to implementing cloud solutions and boosting employee education. However, the increase in organisations paying the ransom only emboldens cybercriminals, fuelling more relentless attacks,” said Muhi Majzoub, executive vice president and chief product officer, OpenText. “Businesses must proactively defend against sophisticated threats like supply chain vulnerabilities and AI-driven attacks, while ensuring resilience through data backups and response plans, to avoid empowering the very criminals seeking to exploit them.”

Ransomware strikes

Alarmingly, nearly half of respondents (48%) reported that their company has previously experienced a ransomware attack, with almost three-quarters (73%) of companies experiencing a ransomware attack this year. Among those who experienced a ransomware attack in the past year, about half (46%) paid the ransom, with 31% of those payments ranging between $1 million and $5 million. The survey also revealed that SMBs experienced more ransomware attacks than large enterprises this year, highlighting the need for organisations of all sizes to defend against ransomware.

With 39% of companies testing the reliability of recovery plans with techniques like dry runs once every few months, and 29% twice a year, companies can recover data after these attacks. Almost all respondents (97%) reported the successful restoration of their organisation’s data. Data management solutions help companies retrieve this data and keep their businesses running.

Supply chain attacks at centre stage

A majority of respondents (91%) are concerned about ransomware attacks on their company’s downstream software supply chain, third-party and connected partners. Recent breaches by key industry vendors like Change Healthcare, Ascension and CDK Global that caused sector-specific outages and losses made respondents more concerned about being impacted by a supply chain attack; almost half (49%) are concerned enough to consider making a vendor change.

Among those who experienced a ransomware attack in the past year, 62% reported that they have been impacted by an attack originating from a software supply chain partner. Notably, 90% of these respondents are planning to enhance their collaboration with software suppliers to improve security practices over the next year.

Given the massive sector-specific outages caused by these recent breaches and other impacts, two-thirds of respondents (67%) are planning to increase collaboration with software suppliers to improve security practices in the next year. Only 15% are not. Almost three-quarters (71%) of respondents assess the cybersecurity practices of their software suppliers at least twice a year.

In addition to regular security audits of software suppliers, vendors and partners, which ranked as the most important tool to help secure the software supply chain, the implementation of advanced threat detection tools is the second most important. Threat detection and response tools need to go beyond traditional borders so organisations can proactively protect their assets from attacks.

AI-powered attacks

While the rise of AI empowers security teams to more effectively triage alerts and automate response, AI also helps cyber criminals be more efficient, contributing to an increase in phishing attacks and growing fears about AI-powered attacks.

Nearly half (45%) of respondents observed an increase in phishing attacks due to the widespread use of AI, and among those who have experienced a ransomware attack, 69% noted an uptick in phishing. Similarly, 55% of survey participants believe their companies are at greater risk of suffering a ransomware attack due to the proliferation of AI usage among threat actors.

Investing in cybersecurity

Awareness of ransomware threats is growing and so is regulation. According to 37% of respondents, regulatory compliance or cyber insurance requirements are the primary drivers for increasing ransomware defence investment within the software supply chain.

As such, about three-quarters (72%) of respondents are covered by cyber insurance in case an attack is successful. A surprising 25% are not, and only 3% are not covered because it is too expensive. However, the financial risks presented by the increasing frequency and sophistication of cyber threats make cyber insurance an essential investment.

Businesses are also increasingly investing in cloud security as well as security awareness and phishing training. Almost two-thirds (66%) of respondents reported that their companies are prioritising cloud security. Over half (56%) of companies outsource security to an IT or managed services provider.

Furthermore, 91% of respondents stated their companies require employees to participate in security awareness or phishing training. In 2024, 66% of companies conducted training at least once per quarter, a significant increase from 39% in 2023. The rise in security awareness training is a positive indication that organisations are taking ransomware threats seriously and understand the risk that employees on the front lines represent. Respondents believe current security awareness programs and training are effective in addressing AI-related risks – 88% of respondents think programs and training are very or somewhat effective.

Avoid paying the attacker’s paycheck

The findings from OpenText’s Cybersecurity 2024 Global Ransomware Survey reveal that while investments in cybersecurity are increasing, companies are still paying ransoms at an alarming rate. Paying a ransom only perpetuates the problem. If we are to disrupt the growing trend of ransomware attacks, it starts with companies refusing to pay the ransom and instead relying on their cyber resiliency playbook.