Treasury News Network

Learn & Share the latest News & Analysis in Corporate Treasury

  1. Home
  2. Fraud Prevention
  3. Minimizing Payment Fraud

Ransomware attacks decrease, but companies falling prey to complacency

Ransomware was among five of the leading cyber threats for organizations across multiple countries and industries according to the CyberEdge Group’s 2022 Cyberthreat Defense Report (CDR).

Another survey report released by privileged access management company Delinea revealed that, while the number of ransomware attacks has reduced in the last 12 months, the decline has caused many businesses to become complacent and take fewer precautions, leaving them vulnerable to future attacks.

The report, titled Making the Hard Choices for Ransomware Readiness and Response, is based on a survey of 300 IT and security decision-makers in the US conducted on behalf of Delinea by Censuswide.

Factors that have contributed to the ransomware decline

Delinea’s survey report states that only a quarter (25%) of the respondents reported being victims of ransomware attacks in 2022, compared to 64% the previous year. “The larger the company, the more likely they were to be victimized”, the survey noted. Organizations with over 100 employees were the most frequently targeted, with 56% of respondents in this category experiencing an attack in 2022, compared with 70% in 2021.

Smaller organizations with fewer than 100 employees saw a decrease, with only 13% of respondents saying they were attacked, compared to 34% the previous year. The report suggests that the disbanding of the high-profile Conti ransomware group and the “Ransomware-preventing security control implementations” as security tools in preventing or blocking attacks may both have contributed to the decline.

Multiple motivations for ransomware attacks

Despite the reduction, the survey shows that businesses continue to suffer the consequences of ransomware attacks. In addition to the desire for financial reward, the survey respondents believe “Perpetrators are looking to create problems for businesses and society.”

Source: Delinea

Among respondents who reported attacks, more than half (56%) reported revenue losses, 43% suffered damage to their reputation, 50% lost customers, and 24% had to lay off workers. Furthermore, the survey report cautions that while the volume of ransomware attacks appears to be decreasing, the average ransomware payment is increasing, with payments seen by Palo Alto Networks’ Unit 42 group reaching almost US$1 million in the first five months of 2022, a jump of 71% over the same period in 2021. This is a clear sign that organizations will have to keep a close eye on ransomware breaches.

Fewer ransoms paid, fewer defences against ransomware

The survey also revealed that fewer companies are willing to pay ransom demands to retrieve their data and regain control of their systems. In 2022, only 68% of organizations that experienced a ransomware attack coughed up ransom payments, which is down from 82% the previous year. This shift and the growing reticence may be attributed to warnings by the FBI and other authorities that paying the ransom does not guarantee the return of data and that such extortion payments only encourage perpetrators to indulge in more ransomware attacks.

However, the Delinea report highlights that the drop in ransom attacks and payments are being accompanied by a decline in certain measures that businesses take to protect themselves against ransomware.

According to the survey, “Companies are stagnating or backsliding in the ransomware fight.” Of those surveyed, only 71% said they have an incident response plan in 2022, down from 94% in 2021. What is more troubling is the fact that “Only 68% of companies said they’re currently allocating budget to protect against ransomware. This is in sharp contrast to the 93% of respondents who said they were allocating budget to protect against ransomware in 2021”, observed the Delinea survey. After suffering a ransomware attack, however, 76% of companies increased their security budgets in response, up from 72% the previous year.  

This finding underscores the results of Delinea’s recent cyber insurance survey, which found “That companies often receive more budget for security resources and tools after they’ve suffered a cyberattack. This lack of preparedness is alarming, especially considering the many attack vectors IT and security leaders surveyed recognize that may let ransomware into their organization.”

The report also notes that email is still the most vulnerable area for ransomware attacks, as per more than half (52%) of those surveyed. Software applications were also identified as a key threat by 42% of respondents, while privileged access (29%), cloud (27%, and endpoints (16%) featured among the other vulnerable vectors for ransomware attacks.

Measures to prevent ransomware attacks

What steps can be taken to mitigate risks from ransomware? The first line of defence against ransomware attacks is sprucing the human intelligence component through regular and timely ransomware-focused security training ( for treasury and finance employees, as well as those who have access to payments systems.

Additionally, Delinea chief security scientist and advisory CISO Joseph Carson suggests that companies should take a more proactive approach to cybersecurity, especially in identity and access controls. This could be achieved by embracing the principle of least privilege, founded on zero trust principles and enforced by methods such as password vaulting and multi-factor authentication (MFA), which can significantly reduce a business’s vulnerability to ransomware attacks.

Other measures such as performing frequent data backups, having a comprehensive incident response plan, and investing in cyber insurance policies can help mitigate further risk.


Ransomware threats may be on the decline, but some of the signs of organizational complacency evidenced in the Delinea survey report could cause an increase in ransomware in 2023.

Treasury, finance and security leaders can’t afford to be unprepared or complacent about ransomware attacks. Letting their guard down, overconfidence or stagnation could result in ransomware attacks spreading like wildfire. Assuming that, eventually, a ransomware breach will occur unless steps are consistently taken to prevent it will help organizations fight complacency with vigilant preparedness.

Like this item? Get our Weekly Update newsletter. Subscribe today

About the author

Also see

Add a comment

New comment submissions are moderated.