The retail industry was the second most targeted by ransomware in 2021

A survey report by Sophos - The State of Ransomware in Retail 2022, found that the retail industry had the second highest rate of ransomware attacks last year of all sectors surveyed.

The most targeted was in media, leisure, and entertainment industry.

Globally, 77% of retail organizations surveyed were hit— a 75% increase from 2020.  This is also 11% more than the cross-sector average attack rate of 66%.

As the percentage of retail organizations attacked by ransomware increased, so did the average ransom payment. In 2021, the average ransom payment was $226,044, a 53% increase when compared to 2020 ($147,811). However, this was less than one-third the cross-sector average ($812K).

Commenting on this, Chester Wisniewski, principal research scientist, Sophos, said “Retailers continue to suffer one of the highest rates of ransomware attacks of any industry. With more than three in four suffering an attack in 2021, it certainly brings a ransomware incident into the category of when, not if. This year’s survey shows that only 28% of retail organizations targeted were able to stop their data from being encrypted, suggesting that a large portion of the industry needs to improve their security posture with the right tools and appropriately trained security experts to help manage their efforts.

Additional findings from the survey include:

• 92% of retail organizations hit by ransomware said the attack impacted their ability to operate and 89% said the attack caused their organization to lose business/revenue
• When compared to 2020, the amount of data recovered after paying the ransom decreased (from 67% to 62%), as did the percentage of retail organizations that got all their data back (from 9% to 5%)

Learn from from the survey report here