// UK’s Trusted Technology Specialists

State of Ransomware Risk in 2022


Ransomware-as-a-Service (RaaS) has established itself, sadly, as a viable sector. It would have achieved ‘unicorn’ status if it was a startup. RaaS is different. Cybercriminals are actively developing, and evolving malware designed to cause havoc, all for a subscription fee that ranges from month to month deals to a portion of successful extortion payments.

Cybercriminals with even the most elementary technical skills can deploy a ransomware attack with RaaS.  The lucrative nature of RaaS as well as the difficulty in tracking down and prosecuting operators has led many security experts to believe this business model will continue to flourish in 2022. 


RaaS has a Target Persona

If there is any doubt as to whether RaaS is an ‘ongoing concern’, one just needs to look at the playbook. A primary target or persona has been developed and shared by cyber criminals (Link) . That profile includes:

  • Base of Operations: United States
  • $100 million or more in annual revenue
  • Preferred access purchases including domain administration right
  • Access to Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) services

This playbook has been quite successful around the world in the last few years: 

  • 2020 saw more records hacked than between 2005-2019 combined. (SonicWall)
  • The UK had the second highest number of global ransomware attacks in 2021. (SonicWall)
  • 144% increase in Ransomware attacks in the UK in 2021. (SonicWall)
  • Europe saw a staggering 234% spike in ransomware attacks in 2021. (SonicWall)

Success Rates of Ransomware

  • 93% of company networks can be penetrated by cybercriminals (Link)
  • 88% of all ransomware infections take 4 hours or less (Link)
  • 36% of all data breaches experienced by companies with 1,000 employees or more were caused by malicious employees. For businesses with fewer than 1,000 employees, 44% of all data breaches were caused by malicious employees. (Verizon)
  • At least 1 employee downloaded a malicious mobile application at 46% of organizations in 2021. (Check Point)

Why Organisations Expect to be Hit by Ransomware

Cyber Attacks and Ransomware are a Top 5 Risk in 2022

Leadership views cyber-based incidents as a top threat for 2022.

Cyber incidents ranked first in the Allianz Risk Barometer for only the second time in the survey’s history.


The concern in increases for United Kingdom leadership, whereby the threat of cyber incidents is on the minds of more senior leaders.

What is Driving the Elevated Risk of Ransomware-as-a-Service?

  • Investment in Development: 127 new ransomware families were discovered in 2020, up 34% since 2019. (Statista)
  • Corporate Security Gaps: The security gaps were created from the move to work from home (WFH) fueled by COVID-19. More attacks happened on home computers and networks, with bad actors able to use home offices as criminal hubs by taking advantage of unpatched systems and architectural weaknesses
  • Cloud-Everything Plans: The short-term pain to rush to cloud-everything leads to security holes, challenges, misconfigurations and outages. It’s the ideal environment for a network breach

Ransomware: The Outlook Continues to Deteriorate

The Rise of Double Extortion: Attack Methods Are Evolving

Previously, ransomware was mainly accomplished through single extortion, whereby cybercriminals encrypt an organisation’s data and demand a ransom in exchange for a decryption key.  Now, ransomware groups are exfiltrating victims’ data to an offsite location, then threatening to leak or publish the data if a ransom isn’t paid.


Data Leak Threats on the Rise

Previously, cyber-attacks were thwarted by using a backup to get its information back (if backup software was installed before the attack).  Criminals are adapting to this by including a threat that not only encrypt stolen data, but sell it on the black market.

In 2021, 77% of ransomware attacks included a data leak threat, up 10% from 2020. (Link)


Ransom Demands Are Escalating

  • $5.3 million — up 518%: The average ransom demand in the first half of 2021 totalled (Link
  • $50M: The largest ransom paid


Increase attacks on Supply Chains

Instead of attacking a single victim, cyber criminals are thinking supply chains for one reason: impact. A prime example Kaseya attack in 2021, which impacted at least 1,500 of its managed service provider customers. 


The Grim Reality of Recovering from an Attack

If organisations feel that an attack is inevitable, then the rate of success to recover should be of concern.

  • Only 57% of organisations are successful in recovering their data using a cloud backup (Sophos 2021 report)


Data recovery after paying ransom

  • 29% recover no more than half their data (Sophos 2021 state of ransomware report)
  • 65%: The average amount of data recovered after paying the ransom (Sophos 2021 state of ransomware report)
  • only 8% of Organisations that pay a ransom get back all of their data (Link)
  • 21 Days: The average length of time to get the control of your data (IBM 2021 Cost of a Data Breach report)
  • 46% regained access to their data following payment, however some or all of that data was corrupted (Ransomware: The True Cost to Business, Cyberreason 2021)

The Cost to Recover Continue to Climb

  • $4.67M: The average cost of a breach (not including the ransom payment) for UK organisations in 2021, up 19.7% from 2020. (Link: https://www.ibm.com/security/data-breach), broken down:
    • Detection and escalation (29%),
    • Lost business (38%),
    • Post breach response (27%), and
    • Notification (6%)
  • $401M: Average cost of a breach when 50 million to 65 million records are involved (IBM 2021 Cost of Data Breach Report)
  • 66% of ransomware victims suffered significant revenue loss following the attack (Cyberreason 2021)

Cyber Insurance Will Cover My Costs, Right?

The answer is:  Maybe

  • 42% of cyber insurance claims did not cover all the losses (link)

With the rise of attacks and their success rates, insurers have altered the clauses in their policies, thereby making it more difficult to depend on a payout to cover the costs in the future.

Can I Survive an Attack?

Boards are holding the C-Suite accountable for ransomware attacks, whereby 32% have been removed, either by dismissal or resignation, after a breach. (Cyberreason 2021)

For organisations, there is a material impact on being an on-going concern after an attack”

  • 25% are forced into a short-term period of closure ( Cyberreason 2021)
  • 34% of UK businesses are forced to close after a ransomware attack ( Cyberreason 2021)

When Many Organisations View Ransomware as a Viable Threat, Why Do Organisations Believe They are Safe from an Attack

Ransomware Predictions and Future Trends for 2022

Ransomware is evolving at a rapid pace and will continue to impact all industries in 2022. What should be expected in the near and long term? Some predictions and trends to keep an eye on:

  1. Zero Trust Network Access (ZTNA) models: Gartner believes 30% of organisations will adopt by 2024. (Gartner)
  2. Investor Interest: 60% of organisations, along with investors and venture capitalists, will use cybersecurity risk as a key factor in assessing new business opportunities by 2025. (Gartner)
  3. Increasing Regulatory Compliance: By 2025, 30% of nation states will enact legislation to regulate ransomware payments and negotiations. (Gartner)
  4. Board Governance: 40% of boards will have a cybersecurity committee by 2025 as stricter cybersecurity measures become a top priority. (Gartner)
  5. CEO Priorities: 70% of CEOs will invest in an organizational culture of cyber resilience by 2025. (Gartner)
  6. IoT devices: are predicted to be increasingly used by attackers to carry out ransomware attacks in 2022 and beyond. (RSA Security via Security Boulevard)

And lastly, perhaps the most eye-opening strategy: Pay to Stay Away?!?

Some cyber security leaders now believe that ransomware could evolve even further into a subscription-based model, in which Ransomware cyber criminals are paid to NOT target your organisation.

Preventing a Ransomware Attack and Avoiding the Next Attack

First, Learn from the Attack and Take Immediate Action!

  • 80%: That paid the ransom experienced another attack ( cyberreason 2021)

 In fact, an unnamed organisation that was the target of a successful ransomware attack and paid a ransom demand reported to be in the millions of dollars was apparently targeted in a SECOND ransomware attack by the same threat actors just 2 weeks later because they did not take the necessary steps to understand how the first attack happened or implement additional measures to assure the attack vector was remediated. (https://www.zdnet.com/article/ransomware-this-is-the-first-thing-you-should-think-about-if-you-fall-victim-to-an-attack/)


Top 5 Solutions Adopted After an Attack ( from cyber reason 2021 report )

  1. Email scanning (41%)
  2. Data backup and recovery (43%)
  3. Endpoint Protection (44%)
  4. Security Operations Center (48%)
  5. Security Awareness Training (48%)


Invest in Employee Education

Cybersecurity is ultimately a human problem and fostering internal awareness of how to identify a potential ransomware attack is a critical first line of defense for organisations. A threat can’t be avoided if it can’t be recognised.  Educating your team on how to identify potential cyber threats can significantly reduce the chances of an attack. Investing in ongoing cybersecurity training should be a priority for organisations that want to become more cyber resilient.



Business Address

West Lancashire Investment Centre
Maple View
White Moss Business Park

Registered address 10 Western Road Romford Essex England RM1 3JT Email: info@tes-es.com Tel: +44 (0) 1695-712664

Contact Us