Ransomware continues to be the largest single cause of IT outages and downtime, with organizations reporting that 41 percent of data is compromised during a cyber attack, according to the latest Veeam 2024 Ransomware Trends Report.

Because only about 57 percent of compromised data will be recovered, organizations are vulnerable to substantial data loss and negative business impact, the report found.

“Ransomware is endemic, impacting 3 out of 4 organizations in 2023. AI is now enabling the creation of smarter, more advanced security, but it’s also facilitating growth in the volume of sophistication of attacks,” said Dave Russell, senior vice president, head of Strategy at Veeam.

The third annual report provides insights from more than 1,200 responses from organizations that experienced at least one successful cyber attack in the preceding 12 months.

Respondents included executives, information security professionals and backup administrators.

“Our report delivers a clear message: ransomware attacks will continue, be more severe than predicted, and the overall impact will cost organizations more than they expect,” Russell added. “Organizations must take action to ensure cyber resiliency and acknowledge that rapid, clean recovery matters most. By aligning teams and bolstering cybersecurity with immutable backups, they can protect their valuable business data while Veeam keeps their business running and secure.”

Nearly 45 percent of respondents reported heightened pressure on IT and security teams. An additional 26 percent experienced a loss of productivity and 25 percent encountered disruptions to internal or customer-related services.

An increased workload post-attack was cited by 45 percent of surveyed individuals, and another 40 percent reported heightened stress levels and other personal challenges that are difficult to mitigate on “normal” days.

The report found that organizations still face a misalignment between their backup and cyber teams.

Close to two-thirds (63 percent) of organizations find their backup and cyber teams lacking synchronization.

A reported 61 percent of security professionals and 75 percent of backup admins believe that the teams either need “significant improvement” or require a complete system overhaul.

For the third year in a row, the majority (81 percent) of organizations surveyed paid the ransom to end an attack and recover data.

Disturbingly, one in three organizations that paid the ransom still could not recover.

Also for the third year in a row, more organizations “paid, but could not recover” than “recovered without paying,” the Veeam report noted.

In 2023, the report found that 86 percent of organizations had insurance coverage that could have been utilized for a cyber event. Despite only a minority of organizations possessing a policy to pay, 81 percent opted to do so. Of the respondents surveyed, 65 percent paid with insurance and another 21 percent had insurance but chose to pay without making a claim.

Ransoms paid averaged just 32 percent of the overall financial impact to an organization post-attack, Veeam found.

Only 62 percent of the overall impact is in some way reclaimable through insurance or other means, with everything else going against the organization’s bottom-dollar budget.

While cyber and backup teams may not always be organizationally aligned, when asked about the existence of an incident response team (IRT) and whether that team had a playbook, just 2 percent of organizations lacked a pre-identified team.

In addition, the data showed that only 3 percent of respondents had a team but no playbook in place.

There was no significant variation between how much data was affected within the data center vs. data within remote offices/branch offices or even data hosted in a public or private cloud, the report found.

Almost two-thirds (63 percent) of organizations are at risk of reintroducing infections while recovering from ransomware attacks or significant IT disasters. This is “due to the pressure to restore IT operations quickly and influenced by executives, many organizations skip vital steps, such as re-scanning data in quarantine, causing the likelihood of IT teams to inadvertently restore infected data or malware.”

Respondents that experienced prior cyberattacks recognize the importance of immutability, with 75 percent of organizations now utilizing on-premises disks that can be hardened and 85 percent utilizing cloud storage with immutability capabilities.