Retail was the second-most targeted industry by ransomware last year of all sectors, after media, leisure and entertainment sectors, a report has shown.
Globally, 77 per cent of retail organisations surveyed were hit — a 75 per cent increase from 2020.
This is also 11 per cent more than the cross-sector average attack rate of 66 per cent, according to global cybersecurity firm Sophos.
In 2021, the average ransom payment was $226,044, a 53 per cent increase when compared to 2020 ($147,811).
“Retailers continue to suffer one of the highest rates of ransomware attacks of any industry. With more than three in four suffering an attack in 2021, it certainly brings a ransomware incident into the category of when, not if,” said Chester Wisniewski, principal research scientist, Sophos.
The report showed that only 28 per cent of retail organisations targeted were able to stop their data from being encrypted.
“It’s likely that different threat groups are hitting different industries. Some of the low-skill ransomware groups ask for $50,000 to $200,000 in ransom payments, whereas the larger, more sophisticated attackers with increased visibility demand $1 million or more,” said Wisniewski.
In 2021, the overall cost to retail organisations to remediate a ransomware attack was $1.27 million, down from $1.97 million in 2020.
When compared to 2020, the amount of data recovered after paying the ransom decreased (from 67 per cent to 62 per cent), as did the percentage of retail organisations that got all their data back (from 9 per cent to 5 per cent).