A staggering four out of five South African organisations -78% – were hit by ransomware in the past year, a considerable increase from the 51% that reported an attack in 2022, and well above the global average of 66%.
Exploited vulnerabilities were the most common root cause of attack for South African organisations, used in 49% of incidents. Compromised credentials were the second most frequent attack vector, used in 24% of attacks. The survey says that 100% of South African organisations whose data was encrypted got data back, slightly above the global average of 97%; and backups remain the most common method used for restoring data with 76% of South African respondents whose data was encrypted using this approach. This is in line with the 80% that used backups in the 2022 survey. Twenty four percent of local organisations that had data encrypted used multiple recovery methods in parallel.
Excluding any ransom payments, the average bill incurred by South African organisations to recover from a ransomware attack was reported at $0,75-million, including costs of downtime, people time, device cost, network cost, lost opportunity, etc. This is considerably less than the global average cost of $1,82-million.• 82% of private sector South African organisations hit by ransomware said the attack caused them to lose business/revenue, slightly lower than the global average of 84%.