Most Public Sector Victims Refuse to Pay Ransomware Gangs

The public sector is leading the way on ransomware resilience and refusing to pay its attackers, according to new research from Veritas.

The data management firm polled 2690 IT execs at companies of over 1000 employees to compile its 2020 Ransomware Resiliency Report.

It found that 86% of public sector respondents targeted with ransomware refused to pay, compared to an average of 43% across all verticals.

This is linked to the fact that these organizations were more likely to be able to bounce back quickly from an incident, recovering over 90% of their data versus an average of 69% across all sectors, the study revealed.

Veritas claimed that this enhanced resilience to ransomware can be partly explained by the relative simplicity of public sector cloud environments.

Organizations in this vertical use just 6.43 cloud services on average, the lowest of any vertical and almost half the global average of 11.73, the vendor argued. Only 5% of government organizations run more than 20 cloud services, versus a sector-wide average of 16%.

The backup specialist noted that 46% of public sector organizations have been hit by ransomware infection at least once in the past, with 9% facing three to five attacks. This chimes with findings from Coveware, which put the sector second overall in Q3 2020, accounting for 11.6% of total attacks and behind only professional services (25.2%).

However, the digital transformation push sparked by the COVID-19 crisis may yet increase the organizational attack surface and complexity for public sector bodies, as they ramp up cloud adoption.

“Importantly, this process hasn’t finished yet and the public sector remains one of the most attractive ransomware targets around. It’s almost inevitable that with time, the complexity of cloud within public sector organizations will grow,” argued Veritas UK&I director for public sector, Andy Warren.

“Now is the time for these IT departments to make sure they’ve got the full visibility and control over that data so they can remain as prepared in the future as they are now.”

What’s Hot on Infosecurity Magazine?