Report: Australian businesses less likely to report ransomware attacks

One in 10 Australian organisations hit by ransomware attacks do not report the incident.

A new report has shown a worrying trend among Australian businesses that have fallen victim to ransomware attacks.

While most businesses report such attacks to the proper authorities, 10 per cent of Australian organisations stay quiet about the matter.

That may not sound like much of a reporting gap, but according to Sophos’ State of Ransomware 2024 report, it is well above the global figure, with only 3 per cent of companies globally failing to report an attack.

That said, the majority of Aussie businesses – 59 per cent – that do report an attack have found dealing with law enforcement to be a relatively easy process. However, 8 per cent did report that the process was difficult.

Regarding data recovery, however, Australia is on track with the rest of the world, with 59 per cent of businesses polled saying that they were able to restore encrypted data with the help of law enforcement agencies.

“Companies have traditionally shied away from engaging with law enforcement for fear of their attack becoming public. If they are known to have been victimised, it could impact their business reputation and make a bad situation worse. Victim shaming has long been a consequence of an attack, but we’ve made progress on that front, both within the security community and at the government level. New regulations on cyber incident reporting, for example, appear to have normalised engaging with law enforcement, and this survey data shows organisations are taking steps in the right direction,” Chester Wisniewski, director and field chief technology officer at Sophos, said in a statement.

“If the public and the private sectors can continue to galvanise as a group effort to help businesses, we can continue to improve our ability to recover quickly and gather intelligence to protect others or even potentially hold those conducting these attacks responsible.”

Sophos’ Active Adversary report also found that ransomware continues to be the most prevalent form of cyber attack. Seventy per cent of more than 150 incident report cases globally handled by Sophos X-Ops were ransomware attacks.

“While improving cooperation and working with law enforcement after an attack are all good developments, we need to move from simply treating the symptoms of ransomware to preventing those attacks in the first place,” Wisniewski said.

“Our most recent Active Adversary report showed that many organisations are still failing to implement key security measures that can demonstrably reduce their overall risk profile; this includes patching their devices in a timely manner and enabling multifactor authentication. From the law enforcement side, while they have had some recent successes with takedowns and arrests from LockBit to Qakbot, these successes have proven to be more akin to temporary disruptions than longer-term or permanent wins.”

You can read the full State of Ransomware 2024 report here.