Despite the somewhat logical notion that the attack is over once you’ve paid the ransom, new data shows that paying helps far less than you might think.

Everyone planning for a ransomware attack has some scenario in mind of how it’s going to go. That is all well and good, even with a solid incident response plan, but it’s necessary to look at industry data that spells out what organizations that have actually gone through an attack experienced.

This is what we find in the Cyber Readiness Report 2022 – Ransomware Update from U.K. cyber insurer Hiscox. In it, readers get a glimpse into how ransomware attacks start, whether victims paid the ransom, and what happened after they did.

The results are a bit startling.

Only 59% said they successfully recovered all their data
43% still had to rebuild systems, despite having the ransomware recovery key
34% recovered some of their data
15% said the recovery key didn’t work at all

But the story doesn’t just end there. What about the attack itself? According to the data, it’s far from being over:

36% sustained a second ransomware attack
29% had their data leaked
19% were asked for more money by the attacker

And because 62% of Hiscox respondents said phishing emails are the most common method of entry, it’s evident that phishing is one of the weak spots in most organizations and is where more protective effort needs to be placed. One of the most effective ways to do that is continual Security Awareness Training, which educates users on the latest scams and social engineering tactics used in these kinds of attacks.