The ransomware state of the union


From January through March of this year, Sophos, a cybersecurity-as-a-service provider that specializes in managed detection and response, commissioned an extensive survey of IT and technology leaders to find out what is really going on inside organizations with regard to cybersecurity, and ransomware in particular. The 2023 report revealed some striking findings we thought worth breaking down for our audience and clients. So, let’s get into it.

About the ransomware survey

Sophos commissioned an independent, vendor-agnostic survey of 3,000 IT/cybersecurity leaders in organizations with between 100 and 5,000 employees across 14 countries in the Americas, EMEA, and Asia Pacific.

Topline results

  • Sophos’ research found that the rate of ransomware attacks held level from 2022 to 2023, but at a high level: a whopping 66% of respondents reported that their organization was hit by ransomware in the previous year. As we’ve written about before, adversaries are now able to execute attacks consistently and at scale, making ransomware arguably the biggest cyber risk facing organizations today. Cyber criminals have spent several years utilizing and refining the ransomware-as-a-service model, which lowers the barrier to entry for would-be ransomware actors while also increasing attack sophistication, since affiliates rent mature tooling instead of building their own.
  • Threat actors succeed in encrypting data in over three quarters (76%) of ransomware attacks. According to Sophos, “this likely reflects the ever-increasing skill level of adversaries who continue to innovate and refine their approaches.”
  • In 30% of attacks where data was encrypted, threat actors also stole it. Sophos calls this a “double dip”; it is more widely known as double extortion, because the victim is pressured both to pay for a decryptor and to pay to keep the stolen data from being published.
  • The good news is that 97% of organizations that had data encrypted got their data back
    • Backups were the most common approach, used in 70% of incidents
    • 46% paid the ransom and got data back, while 2% used other means
    • Overall, one in five (21%) used multiple methods to restore their data
    • 1% of organizations that had data encrypted paid the ransom but didn’t get data back
  • Organizations with cyber insurance were considerably more likely to recover encrypted data than those without such policies
  • The average (mean) ransom payment almost doubled from $812,380 in 2022 to $1,542,333 in 2023. The median ransom payment reported in their 2023 study was $400,000.


That’s a lot of numbers to be sure, but the basic takeaway is that ransomware is arguably the biggest cyberthreat facing organizations today. Regardless of industry, revenue, size or nationality, the numbers paint a stark picture.

One of the primary points of emphasis in the report was that the share of companies using their backups to recover data dipped year-over-year. You’d think companies becoming wiser to the threat of ransomware (and cyberattacks more generally) would invest more in backup protection, not less. Two caveats are worth keeping in mind: a backup only helps if it survives the attack and has actually been tested by restoring from it, and, given that data was also stolen in 30% of encryption attacks, a clean restore gets you back in business but does nothing about the copy the attacker already has.

But the overall picture is one in which threat actors are pervasive, persistent, and generally successful.

If you’re a big company, you probably have an entire team or division focused on cybersecurity. But for small or medium-sized businesses, it may make sense to partner with a managed service provider that specializes in security to help build and maintain your defense posture.

We’ve spent years honing our craft, refining our methods and stress-testing our systems to ensure all of our clients achieve maximum security and maintain uninterrupted uptime. Because you can’t make money when your IT systems don’t work (even outside of cyber threats).

If you’re interested in talking about how Leverage could help you achieve a safer and more stable technology stack, give us a shout. We’d love to chat!