Ransomware remains a dominant force in the cybersecurity landscape, inciting significant concern across industries. Regular headlines highlight the catastrophic effects of these attacks and underscore the vital need for robust defenses and informed decision-making. Our Information Risk Insights Study on Ransomware aims to transform the prevalent fear, uncertainty, and doubt (FUD) into a proactive stance of awareness, preparedness, and resilience. By presenting clear, data-driven insights, we guide organizations from uncertainty to strategic, informed action.

The Cyentia Institute’s IRIS 20/20 Xtreme report delves into the 100 largest cyber incidents over the past five years, analyzing a total of $18 billion in reported losses and 10 billion compromised records. This study, a continuation of the initial IRIS 20/20 research, utilizes Advisen’s Cyber Loss Data, enriched with additional data points for each incident, to provide a detailed breakdown of costs, categorize incident types, and identify the actors and actions involved. The primary aim is to dispel the prevalent fear, uncertainty, and doubt surrounding cyber risks and to aid managerial decision-making through robust data-driven insights. The report reveals that the median loss for these extreme events is $47 million, with about 25% exceeding $100 million and a few surpassing the $1 billion mark. The sectors most affected include financial and information sectors, with common incident types being data breaches, ransomware, fraud, and cryptocurrency theft. Notably, state-affiliated actors are responsible for a significant portion of the financial losses, highlighting the scale and sophistication of these cyber threats.

The study also discusses the broader implications of these extreme cyber events on the organizations involved. Beyond direct financial losses, which include response costs, lost productivity, and fines, the incidents often lead to significant organizational changes such as executive turnovers and increased government scrutiny, as evidenced by the 27 events reported in U.S. Securities and Exchange Commission filings. The report underscores the disproportionate impact of these cyber events on small and medium-sized businesses relative to their revenue, compared to larger enterprises. Furthermore, the Cyentia Institute plans to continue this research series, inviting collaboration and sponsorship to enhance future studies. This ongoing effort aims to refine the understanding and management of information risks, thereby supporting better preparedness and response strategies against the backdrop of an evolving cyber threat landscape.

Key Findings

  • The study focused on the 100 largest cyber incidents over the last five years, totaling $18 billion in losses.
  • Data breaches, ransomware, fraud, and cryptocurrency theft are the most common and costliest types of extreme cyber events.
  • One in five of the largest losses over the last five years are attributed to state-affiliated actors, responsible for 43% of all monetary losses.
  • The financial and information sectors experienced the largest number of extreme loss events.
  • NotPetya was responsible for nearly 20% of all financial losses across these 103 extreme events.