PRODUCTS

Sophos. The State of Ransomware in State and Local Government 2022

We’ve just released the State of Ransomware in State and Local Government 2022 report, which offers fresh insights into ransomware attack rates, costs and recovery, and ransom payouts in state and local government organizations over the last year.

The report is based on our annual study of the real-world ransomware experiences of IT professionals, of which 199 respondents belonged to the state and local government sector, working in mid-sized companies (100-5,000 employees) across 31 countries.

The study reveals an increasingly challenging threat environment with state and local government reporting an above-average increase in the perceived volume of attacks and the impact of attacks. It also sheds light onto the relationship between ransomware and cyber insurance, including the role cyber insurance is playing in driving changes to cyber defenses.

Here are the key findings from the report:

  • 58% of state and local government organizations were hit by ransomware in 2021, up from 34% in 2020 – an increase of 70% over the course of a year
  • At the same time, the sector reported one of the lowest ransomware attack rates, at 58% compared to the cross-sector average of 66%
  • State and local government reported one of the highest data encryption rates following ransomware attacks: 72% in state and local government vs 65% across sectors
  • Only 20% said they were able to stop an attack before the data could be encrypted, considerably below the cross-sector average of 31%
  • Just 63% of state and local government organizations whose data was encrypted used backups to restore data compared to the cross-sector average of 73%
  • 32% of state and local government organizations paid the ransom to restore encrypted data – the lowest reported ransom payment rate across all sectors and considerably below the global average of 46%
  • The average ransom payment by state and local government organizations was less than one-third of the cross-sector average: $213,801 in state and local government vs $812,360 across sectors
  • On average, only 58% of encrypted data was recovered by state and local government, lower than the cross-sector average recovery rate of 61%
  • State and local government organizations reported the lowest recovery cost of all sectors at $0.66M. This represents a drop of almost $1 million from the average cost of $1.64M reported by the sector the year prior. In comparison, the cross-sector average cost was US$1.4M.
  • 80% of state and local government organizations reported having cyber insurance coverage against ransomware, lower than the cross-sector average of 83%
  • Cyber insurance is driving state and local government organizations to improve cyber defenses: 96% have upgraded their cyber defenses to secure coverage
  • State and local government organizations reported the lowest clean-up payout rate of 44%, considerably lower than the cross-sector average of 77%. The sector reported an above-average rate of ransom payout by insurance providers, with insurers paying out in almost half (49%) of incidents compared to the cross-sector average of 40%

The increasing rate of ransomware attacks in state and local government demonstrates that adversaries have become considerably more capable of executing attacks at scale by successfully deploying the ransomware-as-a-service model.

Most state and local government organizations are choosing to reduce the financial risk associated with such attacks by taking out cyber insurance. For them, it is reassuring to know that insurers pay some costs in almost all claims.

However, it is getting harder for organizations – especially in the state and local government sector – to secure coverage. This has driven almost all state and local government organizations to make changes to their cyber defenses to improve their cyber insurance positions.

Read the full report: The State of Ransomware in State and Local Government 2022

Sophos: Sophos