Ransomware Trends 2024: How Much Businesses Are Paying to Recover Their Data

Ransomware remains one of the most pressing threats to organizations worldwide as cybercriminals continue to develop increasingly sophisticated tactics. To stay on top of these developments, Hornetsecurity regularly conducts surveys to track trends and gather insights from IT professionals.

In this edition of 'The Sting of Security', we focus on key findings from Hornetsecurity's 2024 Ransomware Survey, revealing how much businesses are paying to recover their data. We outline the latest trends in ransomware attacks, their impact on organizations, and the measures businesses are taking to strengthen their defenses.

A Shift in Ransomware Incidents

One of the most notable findings from this year's Hornetsecurity Ransomware survey is the decline in the overall percentage of organizations affected by ransomware attacks, with just 18.6% reporting an incident in 2024—the lowest rate since we began tracking this data in 2021. However, while fewer organizations may be falling victim, the complexity and impact of these attacks are increasing.

16.3% of Victims Paid the Ransom in 2024

The percentage of victims forced to pay a ransom to recover their data surged to 16.3% this year, compared to just 6.9% in 2023. This stark rise illustrates the growing desperation among organizations to regain access to their critical data as attackers target backup systems, traditionally the last line of defense. In fact, 14% of victims reported that their backup storage had been affected, further complicating recovery efforts.

Phishing Attacks Lead the Way

Phishing emails remain the dominant entry point for ransomware, accounting for over half of all attacks in 2024. These attacks typically involve tricking employees into clicking malicious links or downloading infected attachments, which allow ransomware to be deployed across networks. This trend emphasizes the need for ongoing employee cybersecurity training, as human error continues to be a major vulnerability.

Small Businesses Hit Hard: Most Ransom Payments Between $10K and $100K

Smaller organizations—those with 1-50 employees—are disproportionately targeted by ransomware, accounting for 55.8% of incidents. With less sophisticated defenses, small businesses face more significant risks. Alarmingly, 1 in 5 small businesses targeted by ransomware ended up paying the ransom, with 60% paying between $10,000 and $100,000. The remaining victims paid less than $10,000.

The Rise of Ransomware Insurance

More organizations are turning to ransomware insurance to mitigate the financial fallout of an attack. In 2024, 54.6% of organizations reported having a policy, a significant jump from 42.2% in 2023. However, securing insurance doesn't mean businesses can ease up on security—many insurers now require companies to meet stringent security standards to qualify for coverage.

Unidentified Attack Vectors Remain a Problem

A troubling 1 in 10 organizations affected by ransomware in 2024 reported not knowing how their systems were infiltrated. This "unknown" factor makes it difficult for businesses to close security gaps, leaving them vulnerable to repeat attacks.

A Growing Threat That Requires Stronger Defences

The Hornetsecurity ransomware survey highlights that while fewer organizations may be falling victim to attacks, the complexity, impact, and financial fallout from ransomware incidents are on the rise. Organizations of all sizes must bolster their defenses with robust backup strategies, employee training, and advanced security protocols to keep pace with these evolving threats.

Read the full report here.