In the last ten years, the number of ransomware attacks in Austria has increased significantly, almost half of the companies surveyed by Deloitte and SORA have already experienced a ransomware attack themselves. […]
In recent years, a rapid increase in cybercrime has been noted. Almost half of the companies surveyed have already had at least one attack with ransomware. Ransomware is malware that locks the computer or encrypts data on it.
“For the third time since 2019, we now have a look at cyber threats in a representative sample of companies with 50 or more employees. The awareness of the threats from the Internet is increasing in the domestic management floors – no wonder, because criminal cyber attacks and related damage are now part of everyday life in Austria,“ explains Christoph Hofinger, Managing Director of SORA.
Cybercrime is omnipresent
“Every eighth company in Austria has to deal with ransomware attacks almost every day,” explains Georg Schwondra, partner and cyber security expert at Deloitte Austria. “In a fifth of companies, cyber criminals have managed to encrypt sensitive data in the context of an attack. Although security measures such as backups can largely restore data, decryption costs time and money.“
Only 5% of companies affected by data encryption claim to have agreed to the financial demands of cyber criminals and paid a ransom. “This low percentage should be treated with caution, because many of those affected do not provide any information about it. We know from our consulting practice that the number of unreported cases is significantly higher,“ says Georg Schwondra. Timea Pahi, Manager at Deloitte Austria, adds: “It is important to inform companies in advance in the best possible way about how they can react quickly and effectively to a ransomware attack. Prevention is the be-all and end-all: employees must be sensitized through regular training courses.“
Economic damage caused by ransomware attacks
If a one-week failure of the computer system occurs as a result of a cyber attack, the medium-sized and large companies surveyed expect an average financial loss of 1.2 million euros. The actual costs for a shutdown of the IT system must be set noticeably higher from an expert’s point of view. “In addition to the lost revenue, all costs for the recovery and procurement of the encrypted data must also be included – here you get a significantly higher sum,” says Deloitte Partner Georg Schwondra.
In addition to the financial damage, the image consequences and the loss of important information as a consequence of a cyber attack also represent a great burden for every tenth affected company. “Reputation is a great asset. That is why, in the event of an attack, many remain silent and do not turn to the authorities. The fear of image damage is too great,“ emphasizes Georg Schwondra.
Inadequate preventive measures
With the increasing number of cyber attacks, the question is not whether a company is experiencing a ransomware attack, but when and with what consequences. If an emergency occurs, currently only one in five domestic companies can fall back on a previously developed crisis or emergency plan.
“When it comes to cyber security, comprehensive and regularly tested preparatory measures play a decisive role. In addition to a crisis and emergency plan, a good IT security concept should also include tools such as network segmentation and detection measures for cyber attacks,“ adds Timea Pahi.