Newly released research indicates that businesses face significant threat from from ransomware attacks and data exfiltration over the past 24 months, according to Halcyon, an anti-ransomware platform provider.

According to the “Ransomware and Data Extortion Business Risk Report”, one-in-five (18 percent) businesses suffered a ransomware infection 10 or more times in a 24-month period, one-in-five (18 percent) were infected 5-9 times, and 30 percent were infected 2-4 times.

Data exfiltration occurs in nearly every major ransomware attack today, Halcyon found, with nearly two-thirds (60 percent) of respondents reporting that sensitive or regulated data was exfiltrated from their organization, and more than half (55 percent) reporting the attackers issued an additional ransom demand to protect the exfiltrated data.

Another 58 percent of victims reported that the loss of sensitive data put their organizations at additional risk of regulatory action and lawsuits.

“The C-suite and BoD need to recognize that most of these attacks today are basically data exfiltration attacks with some ransomware sprinkled in, and once the data is exfiltrated the damage is done,” said Jon Miller, CEO & co-founder, Halcyon. “Data exfiltration, in many cases, is a bigger problem for the victim organization than the disruption to operations because, as the report highlights, even if an organization pays the ransomware demand, these criminals still have that data, putting victim organizations and their leadership at heightened risk of lawsuits and regulatory actions.”

The report also revealed a strong disconnect between perception and reality when it comes to prevention and resilience against ransomware and data extortion attacks.

Nearly 88 percent of respondents indicated they were somewhat or very confident their organizations’ current security deployments could disrupt an attack before a ransomware payload is delivered, and 85 percent were somewhat or very confident their organizations could quickly resume regular operations following a successful attack.

Yet more than one-in-three (36 percent) were infected 5 times or more over the two-year period.

Additionally, 62 percent of organizations hit by ransomware reported a major disruption in operations, with 38 percent indicating operations were disrupted for at least two months to more than six months.

The findings indicate that organizations are overly confident in their ability to defend against and quickly recover from ransomware attacks, the report noted.

“The disconnect between perceived and actual risk is not helping organizations be more resilient to ransomware attacks,” said Anthony M. Freed, director of Research and Communications, Halcyon. “While most respondents feel confident their current security deployments are adequate for both prevention and recovery, the data shows that the majority of attacks are nonetheless successful and victim organizations are struggling to get operations back up and running, which is what is driving up these post-attack recovery costs.”

In all cases, ransomware attackers successfully bypassed security prevention controls.

Of the businesses that opted to pay a ransom demand, the majority (78 percent) said the attackers failed to provide a working decryptor or data was corrupted upon decryption.

Fifty-nine percent of participants indicated incident response costs were more than $1 million.

More than half (57 percent) said the attacks will have a negative impact long-term on their organization’s operations, competitiveness, profitability or overall viability.

Of the organizations that have cyber insurance, two-in-five (39 insurance) said their premiums increased significantly following a ransomware attack, while more than one-quarter (28 percent) indicated premiums increased slightly.

Research was conducted through an independent survey with responses from 913 directors-level or above and members of the security or IT teams that were targeted by a ransomware attack in the past 24 months.