Stylized representation of a ransomware message that says files have been encrypted (Photo: Shutterstock)

Ransomware attacks have increased 350% since 2018, according to cybersecurity firm Purplesec. The global cost of these attacks grew from $8 billion in 2018 to $20 billion in 2020. The average ransom demanded by hackers exceeded $8,000 in 2020, up from $4,300 in 2018. However, Purplesec's report notes that the greater cost to businesses is in time lost while they secure remaining files and networks, and try to recover lost work.

The report found that downtime costs were 23 times greater than the average ransom requested in 2019. In 2020, businesses lost an average $283,000 per ransomware incident due to downtime, up from almost $47,000 in 2018.

The growth in attacks stems from malicious actors offering ransomware as a service or ransomware kits that are inexpensive and easy for any would-be hacker to use, even without much technical expertise, according to Purplesec.

Small businesses that don't have the resources or expertise to develop comprehensive cybersecurity strategies and infrastructure may be easy prey for hackers, according to Purplesec. The report notes that small businesses accounted for 43% of all cyber attacks.

Small businesses are aware of these vulnerabilities, with three-quarters admitting they don't have sufficient human capital resources to fully address cybersecurity, and two-thirds saying they are very concerned about the risk.

Notably, over half of small businesses are not allocating any financial resources to cyber security, despite it representing an existential threat. The report found 60% of small businesses fail within six months of a cyber attack.

The report identified the most vulnerable industries for ransomware attacks:

  1. Government (15.4%)
  2. Manufacturing (13.9%)
  3. Construction (13.2%)
  4. Utilities (11.1%)
  5. Professional services (10.4%)
  6. Retail (7.5%)
  7. Real estate (7.1%)
  8. Hospitality (6.1%)
  9. Healthcare (5.7%)
  10. Education (5%)
  11. Financial institutions (4.6%)

More than one in five ransomware attacks involve social actions such as phishing, the report found, putting pressure on employers to ensure that their employees understand best practices for protecting data online.

Purplesec found that 30% of phishing messages are opened by the people they target, and 12% of those targets click on a link in the email. Troublingly, only 3% of users report suspicious emails to their managers.

The report found that the majority of overall data breaches come from malicious outsiders (56%). However, even though very few cyberattacks originate from an insider trying to harm the company (7%), the second most common source of a data breach is simply human error (34%).

Purplesec recommended steps that employers can take to minimize their risk of a ransomware attack.

  1. Provide education and training for workers.
  2. Conduct regular automated backups.
  3. Minimize access points for a hacker to exploit.
  4. Draft and regularly update an incident response plan.
  5. Implement endpoint monitoring and protection.
  6. Invest in ransomware insurance.