The figures come from a ransomware report compiled by the security firm Sophos over the last 12 months. About 5000 IT decision-makers in 26 countries were queried for the survey. Half the respondents were from organisations of between 100 and 1000 employees, while the other half were from firms of between 1001 and 5000 employees.
In Australia, 200 companies were contacted, while in countries like the US, UK, Germany and India 300 firms were each asked to supply data.
The study found that 51% of the organisations questioned had suffered a ransomware attack in the previous 12 months. This was down in percentage terms from a 2017 survey which found that 54% of the 1700 organisations questioned had been attacked, but much larger in actual numbers, as the sample size this time was 5000.
Paying the ransom did not always lead to recovery of encrypted data, with 5% of government organisations being taken for a ride. However, in Australia, all companies that admitted to paying a ransom said their data had been recovered.
“Organisations may feel intense pressure to pay the ransom to avoid damaging downtime. On the face of it, paying the ransom appears to be an effective way of getting data restored, but this is illusory," said Chester Wisniewski, principal research scientist at Sophos.
He said the company's findings "show that paying the ransom makes little difference to the recovery burden in terms of time and cost. This could be because it is unlikely that a single magical decryption key is all that’s needed to recover. Often, the attackers may share several keys and using them to restore data may be a complex and time-consuming affair".
Sophos found that the public sector was less affected by ransomware than the private sector; 45% of public sector firms were hit in the last 12 months compared to an overall global average of 51%. The media, leisure and entertainment industries were targeted to the extent of 60%.
While many companies (84%) had cyber security insurance, only 64% had insurance cover for ransomware. And in most (94%) cases when a ransom was paid, the insurance company paid up.
Looking at the percentage of organisations hit on a country basis, Australia was below the mid-point with 48% suffering an attack. India was head and shoulders above the rest, with 82% of firms attacked.
Japan had the least success in thwarting attacks, with data encryption happening in 95% of attacks, while Turkey stopped more than half the attacks (51%) before encryption could take place.
Only 6% of the firms attacked failed to get their data back. Paying the ransom worked for 26% while 56% got their data from backups. The remaining 12% did not specify how they had obtained access to their data.
Remediation costs varied from country to country; in Australia it was US$1.2 million while the Czech Republic spent a little over a quarter of a million in the average remediation.