Cybersecurity firm Sophos has revealed that retail had the second highest rate of ransomware attacks last year of all sectors surveyed after the media, leisure, and entertainment industry.
This follows a report done by the company named The State of Retail 2022.
Globally, 77% of retail organizations surveyed were hit – a 75% increase from 2020. This is also 11% more than the cross-sector average attack rate of 66%.
Retailers continue to suffer one of the highest rates of ransomware attacks in any industry. With more than three in four suffering an attack in 2021, it certainly brings a ransomware incident into the category of when, not if. – Sophos in a statement.
Furthermore, as the percentage of retail organizations attacked by ransomware increased, so did the average ransom payment.
In 2021, for instance, the average ransom payment was $226,044, a 53% increase when compared to 2020 ($147,811).
However, this was less than one-third of the cross-sector average ($812K).
Additional findings
While the retail sector was the second most targeted industry, the perceived increase in the volume and complexity of cyberattacks against the industry were slightly below the cross-sector average (55% and 55% respectively).
92% of retail organizations hit by ransomware said the attack impacted their ability to operate and 89% said the attack caused their organization to lose business/revenue.
In 2021, the overall cost to retail organizations to remediate a ransomware attack was $1.27M, down from $1.97M in 2020.
When compared to 2020, the amount of data recovered after paying the ransom decreased (from 67% to 62%), as did the percentage of retail organizations that got all their data back (from 9% to 5%).
“It’s likely that different threat groups are hitting different industries. Some of the low-skill ransomware groups ask for $50,000 to $200,000 in ransom payments, whereas the larger, more sophisticated attackers with increased visibility demand $1 million or more,” said Chester Wisniewski, principal research scientist, Sophos.