Half of ransomware victims paid the amount demanded by hackers in 2021: report

NOVIPRO, a Canadian IT company, unveiled its sixth annual IT Portrait of Canadian Businesses in collaboration with Leger, which revealed “the deep vulnerability of Canadian companies to computer attacks.”

The study reveals that more than half (56 per cent) of organizations targeted by malware have paid the amounts requested by cybercriminals. Of these, one of three companies (33 per cent) retained the services of a negotiator, while 23 per cent proceeded without the help of an intermediary.

Sixty per cent of companies have sensitive customer data (e.g. confidential information, credit card numbers, social insurance numbers, etc.) and nearly one third (28 per cent) value their information assets (data, people, processes, recipes, etc.) at more than $1 million.

“If organizations invested even a fraction of the potential cost of an attack, they could easily put systems in place to guard against such fraud,” said Yves Paquette, Co-founder and CEO, NOVIPRO. “In the physical world, you’d employ a detachment of guards to protect something with a seven-figure value, however, there still seems to be a disconnect when the ‘something’ is digital.”

Reflecting the feedback from 2020, companies that are victims of cyberattacks once again admit that their employees are the largest source of cyber threats (53 per cent). Of these, 31 per cent are motivated by malicious intent and 22 per cent unintentionally trigger an attack by clicking, for example, on a fraudulent link. Despite this, the percentage of organizations that have trained their teams have continued to steadily decrease for the past three years. Only 40 per cent of respondents plan to offer training to their teams on this topic next year.

“The pandemic has forced companies to focus their energies on operational emergencies,” said Dominique Derrier, Chief Information Security Officer, NOVIPRO. “We see that in 2021 they are more aware of computer threats, but are slow to take significant action. It is imperative that organizations apply the latest infrastructure and engage the right experts to ensure their IT security. Not only are their operations at stake, but their reputations as well.”