Ransomware victims continue to pay up, while also bracing for AI-enhanced attacks

Most organizations have paid up in a ransomware attack, with more than half shelling out over $100,000, and most see generative AI offering malicious hackers more ways to launch attacks, according to a recent survey.
Written by Eileen Yu, Senior Contributing Editor

Most organizations still are choosing to pay up in a ransomware attack, with more than half forking out more than $100,000 to regain access to their systems and data. They also are trying to keep up with the potential for generative artificial intelligence (AI) to pave new ways for adversaries to launch attacks. 

As many as 96% of respondents in a Splunk study had encountered a ransomware attack, of whom just over half (52%) described the impact on their business systems and operations as significant.

Furthermore, 83% admitted to paying the ransom, according to the 2023 CISO Report, which is based on quantitative surveys of 350 chief security officers and leaders in 10 markets, including Australia, Germany, India, Japan, and Singapore. The study also included qualitative research based on hour-long phone interviews with 20 cybersecurity leaders in Canada, the US, and the UK.

Among those that paid the ransom, 53% forked out more than $100,000, including 9% who said their organization dished out at least $1 million. Some 18% paid the ransom directly to the hackers, while 37% did so via cyber insurance and 28% went through a third party. 

To build up their cyber resilience and visibility, the respondents indicated the need for cross-function collaboration. Some 92% noted a significant or moderate increase in cybersecurity collaboration between their security, IT, and engineering teams. These links also were brought closer through initiatives such as digital transformation, cloud-native software development, and a greater focus on risk management. 

Another 77% described their collaboration with the IT and development teams on incident root cause analysis and resolution as "good" while 42% noted there was room for improvement. 

Among the top security concerns, 40% pointed to social engineering, while 37% were worried about threats related to operational technology (OT) and Internet of Things (IoT), and 33% were concerned about ransomware attacks. 

Some 70% also believe generative AI provides threat actors more opportunities to launch attacks, with 36% anticipating that AI will power faster and more efficient attacks. Another 36% said the technology could be used for voice and image impersonations for social engineering, while 31% said it could further expand the attack surface of their supply chain. 

However, 35% were themselves experimenting with the technology to beef up their cyber defenses in malware analysis and workflow automation. For instance, 26% were tapping AI to analyze data sources in order to determine which sources should be optimized or removed, while 23% use generative AI to create detection rules. 

Most CISOs, at 93%, had extensively or moderately integrated automation into their processes.

Furthermore, 86% believe generative AI would plug skills gaps and shortages in the security team, taking over labor-intensive and time-consuming functions, and freeing up security staff to work on more strategic tasks. 

These employees also would need upskilling, as 46% of respondents revealed plans for their security teams to be updated on effective prompt engineering. Another 39% pointed to efforts to train employees to better understand threats that might surface due to generative AI.

The CISOs, however, expressed concern about a flux of tools, with 88% pointing to a need to cut down on the number of security analysis and operations tools with other applications, such as threat intelligence, SOAR (security orchestration, automation, and response), and SIEM (security information and event management).
