Many organizations worry about ransomware but still don’t think they are a target, according to a survey released Wednesday by OpenText.
The overwhelming majority of small and medium-sized businesses [those with up to 1,000 employees] and enterprises questioned felt extremely or somewhat concerned about ransomware attacks.
However, 65 per cent of SMBs and 54 per cent of enterprise respondents said they either don’t believe or aren’t sure they are ransomware targets.
The results were “surprising,” Grayson Milbourne, OpenText’s security and intelligence director said in an interview. After all, he noted, 46 per cent of respondents said their organizations had a ransomware attack this year. And 54 per cent of respondents believe they are more at risk of an attack due to threat actors leveraging artificial intelligence.
Perhaps small firms can rightly believe they won’t be targeted, he said. But, he added, “if you’re an enterprise, if you’re 1,000 people or more, you’re 100 per cent a target.”
However, he agreed with a reporter’s suggestion that a firm can believe it isn’t a target but realize it could be the victim of an opportunistic attack. Just because a firm believes it’s not a target doesn’t mean it isn’t doing anything, it was also suggested.
“I share your concern about the question,” Milbourne replied. “Unfortunately not every survey is perfect.”
Respondents did acknowledge they are spending more on cybersecurity. Forty-four per cent of SMB respondents and 43 per cent of those from enterprises said they plan to expand their security teams next year.
Fifty-seven per cent of SMBs and 53 per cent of enterprises said they plan to increase overall security spend in 2024.
The survey also noted that 64 per cent of SMBs and 70 per cent of enterprises don’t believe in paying a ransom. And 79 per cent of SMBs and 82 per cent of enterprises said they have established recovery plans to mitigate successful ransomware attacks. That indicates they are taking proactive steps in the event an attack occurs, OpenText said in its blog on the survey.
The survey polled 2,016 security, IT professionals, and business leaders from SMBs with up to 1,000 employees, and enterprises with more than 1,000 employees in the United States, the United Kingdom, and Australia between Sept. 27 and Oct. 17.