In a world with ever-evolving cyber threats and tightening cyber resilience requirements, new market insights point to a glaring difficulty in operations recovery despite making ransom payments following a breach.

The stark revelation comes from Veeam Software Group GmbH, whose recent Ransomware Trends report spanned over 1,200 organizations and 3,600 unique incidents.

“This to me is endemic of the problem that our industry is facing right now,” said Jason Buffington, vice president of market strategy at Veeam. “One of the questions that was asked in the survey is basically, ‘Did you pay and did it work?’ So, there’s four outcomes that you get. Four out of five organizations actually did pay the ransom. But if you think about it, 27 out of 81 paid and then still couldn’t recover. In one out of three cases they paid but could not recover — that’s our problem statement.”

Buffington spoke with theCUBE Research’s Christophe Bertrand, during an AnalystANGLE segment on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the findings from Veeam’s survey and the sobering picture it paints of cyber resilience’s current state.

Cyber resilience: The broader impact of cyberattacks on businesses

As highlighted by the “Ransomware Trends” report, 81% of respondents admitted to paying ransoms but only 51% recovered their data. Strikingly, however, the survey also reported the size of unrecoverable data at 43%. So, while some organizations regain some normalcy after ransom payments, the recovery was mostly incomplete. This points squarely to the ineffectiveness of simply paying the ransom.

Only 15% of respondents could recover from a major ransomware attack without paying up. This ominous picture illustrates the severe gaps in current cyber resilience practices, Buffington explained.

“That’s what our goal is; the goal should be for the other 85% of the victims out there to be saying, ‘No, we’re not going to pay, we’re going to restore,'” he said. “That is really what the landscape looks like today is more people, nearly double, paid but could not restore than those that restored without paying.”

Contrary to widely held belief, the financial ramifications of cyberattacks extend far beyond the ransom itself. The report shows that an overwhelming 89% of organizations cited their largest financial impact not being the ransom payment itself. In fact, ransom payments typically represent only 32% of the total business impact of a cyberattack, according to Buffington. So, if a ransom amounted to $320,000, the total cost to the business would hover around $1 million.

“One of the things that was new in this year’s research is we actually asked organizations how much was the ransom and then how much was the overall bill?” Buffington said. “So, how much was the overall business impact? There are so many things above and beyond the ransom itself. That number … turns out, on average, when everything was over, the ransom was only representing 32% of the overall business impact.”

A significant challenge in achieving effective cyber resilience is the attack on backup repositories. According to the survey, 96% of cyberattacks targeted backup systems and 76% of these attacks succeeded in compromising them.

“It’s like … you throw me off the side of a boat in the middle of the ocean, what’s the first thing you want to do to make sure that I pay the ransom and I buy your life preserver? You pull up the ladder and you make sure there’s nothing around me that’s floating,” Buffington said. “Remove the ability for me to save myself so that I will pay for your life preserver.”

Here’s the complete interview with Jason Buffington:

Image: Rafa Jodar / Getty Images